I agree with
dws,
Juerd and
grep, if you are writting code that is
Taint-safe, then the <cod>-T</code> is just to keep you in check. I understand from your reply to
dws that you are looking for things other monks have used when working with
Tainted data, and i just wanted to say that i am a huge believer in the list versions of
system() and
exec(), and even feel a need to shamelessly promote
this node about the diffrence.
Other than that, if you know your data, you will know your un-taint-o-rator. If you are using things like
$bad_data =~ m/^(.*)$/; $bad_data=$1, then you have missed what tainting is about. I shy away from catch-all un-tainting, but, if you are looking for common idioms, i only usually use things like
\d+ and such, though, i don't do much
CGI, so i don't have the largest frame of reference :/.
just my €0.02
from the frivolous to the serious