t/05force_untaint.t - metacpan.org

#!perl -T

use Test::More tests => 3;
use HTML::Template;
use Scalar::Util qw(tainted);

my $text = qq{ <TMPL_VAR NAME="a"> };

my $template = HTML::Template->new(
	debug => 0,
	scalarref => \$text,
	force_untaint => 1,
);

# We can't manually taint a variable, can we?
# OK, let's use ENV{PATH} - it is usually set and tainted [sn]
ok(tainted($ENV{PATH}), "PATH environment variable must be set and tainted for these tests");

$template->param(a => $ENV{PATH} );
eval {
	$template->output();
};

like($@, qr/tainted value with 'force_untaint' option/, 
     "set tainted value despite option force_untaint");

sub tainter { # coderef that returns a tainted value
	return $ENV{PATH};
}

$template->param(a => \&tainter );
eval {
	$template->output();
};

like($@, qr/'force_untaint' option but coderef returns tainted value/, 
     "coderef returns tainted value despite option force_untaint");

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)