Given the clarification that this is in a taint-safe environment, I would be hesitant to use this.
- It uses a hand-rolled URL parser
- Example uses object method calling, code uses non-object parameter parsing (you are not collecting $self in the function)
- &err call uses '&' to prefix the call. This should only be used in certain cases, and this is not one f them.
- Complex patterns to read. Not easily verifiable.
Just my $0.02. With inflation, it is not worth much.