in reply to Re^2: CGI::Paranoia - Re^4: Is the force_untaint option in HTML::Template overkill?
in thread Is the force_untaint option in HTML::Template overkill?

I think the CGI module is better placed to produce an untainted start_form() value than the application.
No. You're severely confused about taint. Taint protects you from doing stupid things with system calls, like
    my $stupid = $q->param('unsafe');   # unsafe=rm -rf/
    $stupid = $q->start_form;
    system $stupid;                     # kill me now
HTML::Template leverages taint to protect you from XSS.
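Added example, not code from the original post: a Perl -T script showing the two taint behaviours the reply distinguishes, namely that perl itself refuses system() on tainted data, and that HTML::Template's force_untaint option reuses the same taint flag to refuse tainted template parameters (XSS side). The command-line argument is constructed input standing in for $q->param('unsafe'); the HTML::Template part assumes that module is installed.

```perl
#!/usr/bin/perl -T
# Run as:  perl -T taint_demo.pl 'echo hello'
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode also refuses system() while %ENV is untrusted, so scrub it first.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Anything from @ARGV, STDIN, %ENV or CGI->param is tainted under -T.
# Constructed input: the argv value stands in for $q->param('unsafe').
my $unsafe = shift @ARGV // 'echo hello';   # the literal fallback is NOT tainted
printf "input tainted? %s\n", tainted($unsafe) ? 'yes' : 'no';

# 1. system() with tainted data: perl dies with "Insecure dependency ...".
eval { system($unsafe); 1 } or print "system() refused: $@";

# 2. Untainting is an explicit regex capture against an allow-list;
#    only the captured substring is marked clean.
my ($safe) = $unsafe =~ /^([\w ]+)$/ or die "input failed allow-list\n";
printf "after regex capture tainted? %s\n", tainted($safe) ? 'yes' : 'no';
system($safe) == 0 or warn "command failed\n";   # now permitted

# 3. HTML::Template's force_untaint (assumed installed): with 1 it refuses
#    tainted values for unescaped TMPL_VARs, with 2 for all params.
if (eval { require HTML::Template; 1 }) {
    my $src = q{<p><TMPL_VAR NAME=msg></p>};
    my $t = HTML::Template->new(scalarref => \$src, force_untaint => 1);
    eval { $t->param(msg => $unsafe); 1 }
        or print "HTML::Template refused tainted param: $@";
    $t->param(msg => $safe);            # untainted value is accepted
    print $t->output;
}
```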