t/05-force_untaint.t - metacpan.org

#!perl -T
use Test::More ($] < 5.008000 ? (skip_all => 'force_untaint needs at least perl 5.8.0') : (tests => 4));
use Scalar::Util qw(tainted);
use_ok('HTML::Template');

my $text = qq{ <TMPL_VAR NAME="a"> };

my $template = HTML::Template->new(
    debug         => 0,
    scalarref     => \$text,
    force_untaint => 1,
);

# We can't manually taint a variable, can we?
# OK, let's use ENV{PATH} - it is usually set and tainted [sn]
ok(tainted($ENV{PATH}), "PATH environment variable must be set and tainted for these tests");

$template->param(a => $ENV{PATH});
eval { $template->output() };

like($@, qr/tainted value with 'force_untaint' option/, "set tainted value despite option force_untaint");

# coderef that returns a tainted value
$template->param(a => sub { return $ENV{PATH} });
eval { $template->output() };

like(
    $@,
    qr/'force_untaint' option but coderef returns tainted value/,
    "coderef returns tainted value despite option force_untaint"
);

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)