Home/ Questions/Q 9153153
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T12:13:12+00:00

I am reading this document to learn Perl’s taint mode => http://www.webreference.com/programming/perl/taint/index.html It is

  • 0

I am reading this document to learn Perl’s taint mode => http://www.webreference.com/programming/perl/taint/index.html

It is mentioned one way of clean tainted value,

Another more obscure way to clean tainted values is to use them as a
hash key; since hash keys themselves are never considered tainted

I do not quite understand what means “use them as a hash key”, and why hash key as never treated as tainted. Appreciate if anyone could help?

thanks in advance,
Lin

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should really pay no attention to that statement. What it means is that, if you run this in taint mode

    my $fname = <>;
chomp $fname;
open my $fh, '>', $fname;

    then the program will die because you are using a tainted value for the file name. But if you store that value as a hash key, like this

    my $fname = <>;
chomp $fname;
my %data;
$data{$fname} = 1;
open my $fh, '>', $_ for keys %data;

    then the code will run fine.

    The reason for this is nothing to do with wisdom about tainted values, but rather that the keys of a hash aren’t scalar values, but just simple strings that are stored within the internal Perl hash structure. Perl scalar values – like scalar variables or hash or array values – are much more complicated data structures that contain information about the status and nature of the value as well as its actual contents, and only these can be flagged as being tainted. In contrast a hash key is just a string of characters, and it cannot carry any status information.

    So, as I said, apart from being aware of this shortcoming of Perl, you should ignore this statement in the documentation.

    • 0