In Tk.pm, find "sub TranslateFileName" and insert the
following line as the last line of the "unless" block
(making it line 353 in my copy of Tk.pm):
$Home = ( $Home =~ m#^([-\w/.:,]+)# )  if  Tk::tainting;