that could be a potential drawback to this module when using user-supplied strings.
Technically, that's true. However, ISTM that it's much the same as saying that DBI is vulnerable by design because putting user-supplied strings into a do() or prepare() call could result in SQL injection. But that's OK because nobody in their right mind would write code which passed unvalidated user-supplied data to such methods. And the same is true for Module::Load. Perhaps more so because in the latter's case it is easily blocked by taint mode:
    $ cat tm.pl
    #!/usr/bin/perl -T
    use strict;
    use warnings;
    use Module::Load;

    my $garbage = shift @ARGV;
    load $garbage;
    print "This is fine.\n";
    $ ./tm.pl foo
    Insecure dependency in require while running with -T switch at /usr/share/perl5/vendor_perl/Module/Load.pm line 77.
    Insecure dependency in require while running with -T switch at /usr/share/perl5/vendor_perl/Module/Load.pm line 77.
    $
YMMV but I'm perfectly happy to carry on using it in a secure fashion.
In reply to Re^3: Use 'use' in foreach
by hippo
in thread Use 'use' in foreach
by zidi
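What validated input looks like for the tm.pl script above, as an added example that is not part of hippo's post: the name is untainted through a strict regex capture and then checked against an allowlist before it reaches load. The helper name vetted_module and the allowlist contents are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from the original post): load a user-named module
# under taint mode only after it has been validated.
use strict;
use warnings;
use Module::Load;

# Assumption: the only modules a caller may select (all are core modules).
my %ALLOWED = map { $_ => 1 } qw(Digest::MD5 Digest::SHA MIME::Base64);

# Hypothetical helper: returns an untainted module name when the input is
# well-formed and allowlisted, otherwise undef.
sub vetted_module {
    my ($input) = @_;
    return unless defined $input;

    # A regex capture is how Perl untaints data. The pattern admits only
    # Package::Name syntax, so file paths such as ../x or /tmp/x.pm fail.
    my ($name) = $input =~ /\A([A-Za-z_][A-Za-z0-9_]*(?:::[A-Za-z0-9_]+)*)\z/
        or return;

    # Syntax alone is not authorization: the name must also be listed.
    return $ALLOWED{$name} ? $name : undef;
}

my $requested = shift @ARGV;
my $module = vetted_module($requested)
    or die "Refusing to load a module that is not on the allowlist\n";

load $module;    # no "Insecure dependency" error: $module is untainted
print "Loaded $module\n";
```

Run as `./tm.pl Digest::SHA` it loads the module; any other argument is refused before Module::Load is ever called.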