miyagawa / Starman

Starman is a high-performance preforking Perl PSGI web server
http://search.cpan.org/dist/Starman

Taint mode option #108

Closed msouth closed 9 years ago

msouth commented 9 years ago

Hi,

I understand from your answer on http://stackoverflow.com/questions/6166742/plack-taint-mode that you do not believe in the usefulness of taint mode. However, many people work where a policy requires it.

Hypothetically, if I were to do the work to add it as an option, would you be willing to pull it in?

miyagawa commented 9 years ago

> However, many people work where a policy requires it.

By "many people" I think you mean "for me personally", because it's contrary to what I know about the many Perl web shops where I have worked myself, or where my friends or even most of the Plack developers on IRC do. None of them requires taint mode.

If you rephrase it as "there are certain organizations whose policy requires the taint mode, including mine" then I'd agree.

> Hypothetically, if I were to do the work to add it as an option, would you be willing to pull it in?

Can't answer a hypothetical question: it really depends on the complexity that it would add. If it is a trivial one-line change, then for sure. If it's a 100-line patch that adds a bunch of code to work around the taint mode strictness, then unlikely.

miyagawa commented 9 years ago

OK, well - just as the second comment suggests and my own comment implied as well, Starman and Plack tools do work under -T mode if you don't use the plackup command line utility, which needs to eval the code that you passed in from the command line.

use Starman::Server;

my $app = MyApp->to_psgi; # or whatever way your framework provides
Starman::Server->new->run($app, { port => 5000 });

Save this as a script and run it under perl -T; I just confirmed that it works.
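
A fuller version of the launcher script from the last comment, as an added example that is not part of the thread or of Starman's own code. It assumes an inline PSGI app in place of `MyApp`, a hypothetical `name` query parameter and a hypothetical library path, and shows the environment cleanup and explicit untainting that a script run under `perl -T` usually needs.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Under -T, PERL5LIB and "." are not searched; name library paths explicitly.
# use lib '/opt/myapp/lib';    # hypothetical install path

use Starman::Server;

# Taint mode refuses system/exec/backticks until the environment is trusted.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# The single place where request data is laundered: an anchored allowlist
# pattern whose capture is an untainted copy. Returns undef on mismatch.
sub untaint_name {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_-]{1,32})\z/ ? $1 : undef;
}

# Inline PSGI app (assumption; stands in for MyApp->to_psgi).
my $app = sub {
    my ($env) = @_;

    # Without this pragma, any regex capture untaints its result, so merely
    # parsing the query string would launder it by accident.
    use re 'taint';
    my ($raw) = ($env->{QUERY_STRING} // '') =~ /(?:\A|&)name=([^&]*)/;

    my $name = untaint_name($raw);
    return [ 400, [ 'Content-Type' => 'text/plain' ], ["invalid name\n"] ]
        unless defined $name;

    # $name has passed the allowlist and is no longer tainted.
    return [ 200, [ 'Content-Type' => 'text/plain' ], ["Hello, $name\n"] ];
};

# Same call as in the comment above; no plackup, so no eval of CLI input.
Starman::Server->new->run($app, { port => 5000 });
```

Because `use re 'taint'` is lexically scoped to the app's body, only the anchored pattern in `untaint_name` can clear the taint flag.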