in reply to CGI::param wrapper for untainting
Um, why reinvent the wheel? Consider using the Untaint module, written by one of your fellow monks.
Also, I'd be very leery of using .* to untaint things. For one thing, you don't know what you're being sent, so it's best to test the parameters you're expecting for a limited set of values you approve of. Untaint provides a convenient interface for doing so.
In addition, you may wish to meditate on this discussion of dot star.
--f
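
An added example, not part of the post above and not the Untaint module's own interface: allow-list untainting with anchored patterns, next to the `.*` capture the reply warns about. The parameter names, patterns and sample input are constructed for illustration; run it with `perl -T` so the taint checks are active.

```perl
# Added example: allow-list untainting vs. a blanket (.*) capture.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical parameters, each with an anchored pattern for accepted values.
# \A and \z are used because $ would also accept a trailing newline.
my %ALLOWED = (
    user   => qr/\A([a-z][a-z0-9_]{0,15})\z/,
    page   => qr/\A([1-9][0-9]{0,3})\z/,
    action => qr/\A(view|edit|delete)\z/,
);

# Return an untainted copy of $value if it matches the pattern registered
# for $name; return undef for unknown parameters and for rejected values.
sub untaint_param {
    my ($name, $value) = @_;
    my $re = $ALLOWED{$name} or return;
    return unless defined $value;
    return $value =~ $re ? $1 : undef;
}

# The pattern the reply warns about: clears the taint flag, checks nothing.
sub untaint_dot_star {
    my ($value) = @_;
    return $value =~ /(.*)/s ? $1 : undef;
}

# Constructed sample input. Data read from a filehandle is tainted under -T.
while (my $line = <DATA>) {
    chomp $line;
    my ($name, $value) = split /=/, $line, 2;
    my $checked = untaint_param($name, $value);
    my $blanket = untaint_dot_star($value);
    printf "%-8s %-18s allow-list: %-10s dot-star: %s (still tainted: %s)\n",
        $name, "'$value'", $checked // 'REJECTED',
        "'$blanket'", tainted($blanket) ? 'yes' : 'no';
}

__DATA__
user=alice
page=12
action=delete
user=alice;id
page=../../etc/passwd
debug=1
```

The last three lines are rejected by the allow-list, while the `.*` capture hands every one of them back with the taint flag cleared.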