You don't just want to keep out crackers. You want to protect yourself from bugs and user error as well. In general, if your untainting is not ad-hoc, but relies on reusable code instead, such as by using one of the Untaint modules, it is easy to untaint variables for specific kinds of things, like "this is a number", "that's a relative filename", etc. In that case it's easy to properly taint-check everything, and that's what you should be doing.

That said, the pattern you posted has two possible problems that might cause it to fail to match the entirety of everything you apply it to: you're using the + quantifier which requires at least one character, so the input string must not be empty; and you're not using /s, so that the dot won't match newlines.

So as etcshadow pointed out, you want /(.*)/s instead.