


Of note is that Perl has had this since at least 1998. See http://gunther.web66.com/FAQS/taintmode.html

But of course we just laugh about Perl and pat ourselves on the back with our safe new languages because we clearly know much more than those anachronistic neckbeards.


The issue I have with Perl taint checking is that data is untainted by a group match within a regexp.

It's not explicit enough and it's easy enough to find legitimate code with accidental untainting of dangerous data.

Ruby requires an explicit untaint call, and IMHO it's the right way to go.

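The untainting behaviour described in the comment above, as an added example that is not part of the thread or of the linked FAQ. It assumes a hypothetical script name `taint_demo.pl` run as `perl -T taint_demo.pl some-name`; under `-T`, data from outside the program (`@ARGV`, `%ENV`, `STDIN`, files) is tainted, passing tainted data to `system` dies with "Insecure dependency", and the only way to clear the flag is to reference a regex capture group. The script shows an anchored, conservative capture next to the accidental laundering a catch-all capture like `/(.*)/` performs:

```perl
#!/usr/bin/perl -T
# Added example (not code from the thread or the FAQ it links).
# Run as:  perl -T taint_demo.pl 'report.txt'      (passes the check)
#          perl -T taint_demo.pl 'x; rm -rf /'     (refused by the anchored check)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode refuses to run subprocesses while $ENV{PATH} itself is tainted,
# so pin PATH and drop the variables a shell might read.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical user input: a filename taken from the command line.
my $name = shift(@ARGV) // 'report.txt';
print "argv value tainted: ", (tainted($name) ? 'yes' : 'no'), "\n";

# 1. Deliberate untaint. Only the capture group ($1) loses the taint flag,
#    and only when the match succeeds. The anchors and the narrow character
#    class are what make this a validation rather than a laundering step
#    (this restricts characters only; it does not reason about ".." or paths).
my $safe;
if ($name =~ /\A([\w.-]+)\z/) {
    $safe = $1;
} else {
    die "refusing unsafe filename: $name\n";
}
print "after anchored capture tainted: ", (tainted($safe) ? 'yes' : 'no'), "\n";

# 2. The pitfall the comment describes. This reads like "validation" but
#    matches anything, so the capture untaints arbitrary input, including
#    shell metacharacters. Nothing in the language flags it as a mistake.
my ($laundered) = $name =~ /(.*)/;
print "after /(.*)/ capture tainted: ", (tainted($laundered) ? 'yes' : 'no'), "\n";

# Passing the still-tainted $name here would die with
# "Insecure dependency in system while running with -T switch".
# $safe and $laundered both pass, even though only $safe was actually checked.
system('ls', '-l', '--', $safe) == 0
    or warn "ls exited with status ", $? >> 8, "\n";
```

The second capture is the point of the comment: Perl untaints on the mechanism (any successful capture), not on the intent, so a reviewer has to read every regex that touches external data to know whether it validates or merely launders. Grepping for `/(.*)/`, `/(.+)/` and unanchored captures applied to `@ARGV`, `%ENV` or request parameters is a quick way to find the accidental cases.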

But of course we just laugh about Perl and pat ourselves on the back with our safe new languages

And there is some justification for that: if those "safe new languages" are doing the type checking at compile time, that is better than only finding out you have a safety issue when you fail at run time.


Ah, "Taint" was the missing magic word I couldn't figure out to aid my google-fu (well, duckduckgofu...). Thanks for that - there is a lot of interesting stuff out there. :-)



