- Perl trusts you to know what's safe
my $filename = $ARGV[0]; # $filename is tainted if($filename =~ /^([a-z]+)$/i) { $filename = $1; # $filename is not tainted } else { die "only letters allowed in filename"; } $ENV{PATH} = '/bin:/usr/bin'; # PATH now considered safe delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; system "echo $filename" # now considered safe