mojolicious / mojo

Mojolicious - Perl real-time web framework
https://mojolicious.org
Artistic License 2.0

commands usage doesn't work in taint mode #1553

Closed guillomovitch closed 3 years ago

guillomovitch commented 3 years ago

Steps to reproduce the behavior

$> perl  -T ~/test.psgi get /
Insecure dependency in eval while running with -T switch at /usr/share/perl5/vendor_perl/Mojo/Loader.pm line 42.

Expected behavior

$> perl  -T ~/test.psgi get /
[2020-08-17 12:14:56.55332] [23712] [debug] [pkIKuEcG] GET "/"
[2020-08-17 12:14:56.55366] [23712] [debug] [pkIKuEcG] Routing to a callback
[2020-08-17 12:14:56.55416] [23712] [debug] [pkIKuEcG] Rendering template "index.html.ep" from DATA section
[2020-08-17 12:14:56.55540] [23712] [debug] [pkIKuEcG] 200 OK (0.002073s, 482.393/s)
<script>
  var ws = new WebSocket('http://127.0.0.1:44605/title');
  ws.onmessage = function (event) { document.body.innerHTML += event.data };
  ws.onopen    = function (event) { ws.send('https://mojolicious.org') };
</script>

Fix

Fixed by PR #1552

Test case

use Mojolicious::Lite -signatures;

# Render template "index.html.ep" from the DATA section
get '/' => sub ($c) {
  $c->render(template => 'index');
};

app->start;
__DATA__

@@ index.html.ep
% my $url = url_for 'title';
<script>
  var ws = new WebSocket('<%= $url->to_abs %>');
  ws.onmessage = function (event) { document.body.innerHTML += event.data };
  ws.onopen    = function (event) { ws.send('https://mojolicious.org') };
</script>
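An added example (not code from this issue or from Mojolicious itself) that reproduces the "Insecure dependency in eval" failure from the report and shows the input check taint mode is demanding. It assumes, as the error location suggests, that the loader interpolates a command name taken from @ARGV into a string eval; the Example::Command::Get package and both dispatch functions are hypothetical stand-ins for the real command loader. Run it as `perl -T example.pl get`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Hypothetical stand-in for a Mojolicious::Command::* class, defined inline so
# the script runs without any modules installed.
package Example::Command::Get { sub new { bless {}, shift } }

# Naive dispatch, modelled on a loader that interpolates the command name into
# a string eval. @ARGV is tainted under -T, so perl refuses the eval outright;
# the caught error is the "Insecure dependency in eval" from the report.
sub load_tainted {
    my ($name) = @_;
    my $class = "Example::Command::\u$name";
    return "loaded $class" if eval "${class}->new";
    chomp(my $err = $@);
    return "failed: $err";
}

# Defensive dispatch: validate the name against a strict allowlist pattern and
# take the untainted copy from the capture group. Anything else is rejected
# before it reaches eval, which is exactly the check taint mode asks for.
sub load_checked {
    my ($name) = @_;
    my ($safe) = $name =~ /\A([a-z][a-z0-9_]{0,31})\z/
        or return "rejected: command name has unexpected characters";
    my $class = "Example::Command::\u$safe";
    return "loaded $class" if eval "${class}->new";
    chomp(my $err = $@);
    return "failed: $err";
}

my $name = shift @ARGV // die "usage: perl -T $0 COMMAND\n";
print "naive:   ", load_tainted($name), "\n";
print "checked: ", load_checked($name), "\n";
```

With `get` as the argument the naive path fails with the taint error for any input, while the checked path loads Example::Command::Get; a name with characters outside the allowlist is rejected before any eval runs.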

kraih commented 3 years ago

Nothing in Mojolicious supports taint mode, it's pointless.

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It may be closed if no further activity occurs. This is not a judgment on the merits of the issue, but an indication that more information may be needed to determine the appropriate course of action, if any. Thank you for your contributions.

kraih commented 3 years ago

I think we can close this, since there is no chance we will ever support taint mode.