in reply to Re: CGI::Safe untaint syntax
in thread CGI::Safe untaint syntax

I think a fine default is /(\w[-.\w]*)/. I don't see how it would lead to security problems. It might lead to a script that doesn't work because, for example, you need to accept negative numbers, or something with spaces in it, etc.

I'd rather people default to this and then get a chance to reconsider their design when their parameters don't fit that pattern (or whether they like their design and just need a looser untaint pattern). Certainly it should be easy to set a global default. And it should be easy to set no global default so you get told if you forget to pick an untaint pattern for one of your parameters.

Yes, I think there should be a selection of untaint patterns for common data types.

I'd accept (compiled) regular expressions, the name of some predefined untaint pattern/routine, an array ref or hash ref of exactly what values are allowed, or a code ref for the really complex cases.

I also think there should be an upload() method that requires you to specify the full path of the directory you want to save the file to, a maximum file size, a maximum total space to be used by the directory, and gives you the option of specifying an alternate untaint pattern for the file name but defaults to something like my first example. I'd probably also have it default to binmode but let you request "text" file uploads. Eventually you might want to support allowing the user to specify a subdirectory.

        - tye (but my friends call me "Tye")
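
The rule types listed in the post above (compiled regex, named pattern, array or hash ref of allowed values, code ref), sketched in Perl as an added example that is not part of the original post and is not CGI::Safe's API. The names `untaint`, `%NAMED` and the `integer` pattern are hypothetical, and anchoring the pattern with `\A...\z` is an assumption of this example.

```perl
use strict;
use warnings;

# Hypothetical names throughout; this is not the CGI::Safe API.
my $DEFAULT = qr/(\w[-.\w]*)/;    # default pattern from the post
my %NAMED   = (                   # constructed "common data type" patterns
    word    => $DEFAULT,
    integer => qr/(-?\d+)/,
);

# Return the validated value, or nothing if $value fails $rule.
# $rule: compiled regex, name of a predefined pattern, array/hash ref
# of allowed values, or code ref. An undefined $rule means the default.
sub untaint {
    my ($value, $rule) = @_;
    return unless defined $value;
    $rule = $DEFAULT unless defined $rule;

    if (!ref($rule)) {                      # name of a predefined pattern
        my $named = $NAMED{$rule} or die "unknown untaint pattern '$rule'\n";
        $rule = $named;
    }
    $rule = [ keys %$rule ] if ref($rule) eq 'HASH';

    if (ref($rule) eq 'Regexp') {
        # Assumption: anchor so a non-fitting value is rejected, not trimmed.
        return $1 if $value =~ /\A$rule\z/;
        return;
    }
    if (ref($rule) eq 'ARRAY') {
        # Hand back the allow-list's own copy, which never carried taint.
        for my $ok (@$rule) { return $ok if $ok eq $value }
        return;
    }
    return scalar $rule->($value) if ref($rule) eq 'CODE';
    die "unsupported untaint rule\n";
}

# Constructed sample inputs: [ value, rule ].
for my $case (
    [ 'report-2024.txt',  undef ],
    [ '../../etc/passwd', undef ],
    [ '-42',              'integer' ],
    [ 'red',              [qw(red green blue)] ],
    [ 'purple',           { red => 1, green => 1 } ],
    [ '10', sub { $_[0] =~ /\A(\d+)\z/ && $1 <= 5 ? $1 : undef } ],
) {
    my ($value, $rule) = @$case;
    my $clean = untaint($value, $rule);
    printf "%-18s => %s\n", $value, defined $clean ? "accepted '$clean'" : 'rejected';
}
```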