in reply to MIME::Base64 decode_base64 not tainted

I don't know the answer here but I did a perldoc -m MIME::Base64 and I see it's going through XS (at least on my machine). Now, of course C has no concept of tainting so when the C variable is copied from the tainted Perl variable and is then returned, it is returned as a copy of the C variable and returned without the tainted flag. (Is it called a flag?)

If my theory is right, I would think that lots of XS modules could have this issue.


Re^2: MIME::Base64 decode_base64 not tainted
by ikegami (Patriarch) on Aug 05, 2008 at 07:41 UTC
    It's very similar to the problem that XS has with the UTF8 flag. It's a common mistake to treat strings internally encoded as iso-latin-1 no differently than strings internally encoded as utf-8, and to lose that info when passing derived strings back to Perl.
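
An added example, not code from any poster in this thread: a hypothetical wrapper, `decode_base64_keep_taint`, that carries the input's taint over to the decoded string for the case discussed above, where the XS decoder hands back an untainted result. The sample input is constructed, and the script assumes `$0` and `$^X` are tainted under `-T`; it prints what your perl actually does rather than assuming the outcome.

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T taint_b64.pl  (file name is a placeholder)
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);
use Scalar::Util qw(tainted);

# Hypothetical wrapper: decode, then re-apply the input's taint to the output.
sub decode_base64_keep_taint {
    my ($encoded) = @_;
    my $decoded = decode_base64($encoded);
    return $decoded unless defined $decoded && tainted($encoded);

    # A zero-length substr of a tainted string is itself tainted. Appending it
    # taints the result without changing a single byte of the decoded data.
    return $decoded . substr($encoded, 0, 0);
}

sub yn { return $_[0] ? 'yes' : 'no' }

# Zero-length tainted string (assumption: $0 and $^X are tainted under -T).
my $TAINT = substr("$0$^X", 0, 0);

# Constructed sample input: a Base64 string made to look like external data.
my $input = encode_base64('hello world', '') . $TAINT;

my $plain   = decode_base64($input);
my $wrapped = decode_base64_keep_taint($input);

printf "input tainted:                    %s\n", yn(tainted($input));
printf "decode_base64 output tainted:     %s\n", yn(tainted($plain));
printf "wrapper output tainted:           %s\n", yn(tainted($wrapped));
printf "wrapper output matches plain:     %s\n", yn($wrapped eq $plain);

# An untainted input must stay untainted through the wrapper.
my $clean = decode_base64_keep_taint(encode_base64('hello world', ''));
printf "clean input stays untainted:      %s\n", yn(!tainted($clean));
```

If the second line prints `no` while the first prints `yes`, your build shows the behaviour reported in the thread, and decoded data needs the wrapper (or explicit validation) before it reaches anything taint mode is meant to guard.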