Running the validator locally: taint mode problems

Hi,

I'm trying to get the W3C validator up and running locally, on a machine
running Fedora Core 1 i386/Apache 1.3.29/perl 5.8.3/OpenJADE 1.3.2.

It was all looking pretty good, except that when I first tried to validate
something, there appeared to be no output from the SGML parser. The source
of the page I was trying to validate was retrieved OK. After searching the
archives, I added the query parameter "errors=1" and this identified the
problem; the output said:

Insecure dependency in exec while running with -T switch at
/usr/lib/perl5/5.8.3/IPC/Open3.pm line 241.

Now, I understand that this is a taint mode warning but I'm not really a
Perl person so I'm not immediately able to track down what might be
causing it. I had a look but couldn't find anything obvious on this list
or on Google about it in relation to the W3C validator. 

Since this is in a trusted environment, I removed the -T switch from the
"check" script and everything now works OK. So all is well and good as far
as I'm concerned; however I wondered whether this is a bug/risky behaviour
by the validator that needs fixing? Or is this in fact a spurious warning
caused by something in my wider environment that isn't configured
correctly?

I'm happy to provide any additional information required, if it helps to
track down the source of this problem.


Thanks,

Tim

Received on Thursday, 22 April 2004 07:45:13 UTC