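#!perl -T
# Taint-mode regression test for HTML::Template's 'force_untaint' option.
#
# The script runs under -T and checks that, with force_untaint => 1,
# output() refuses to render a parameter whose value is still tainted,
# both when the value is set directly and when it is produced by a coderef.
# Both checks expect output() to die with a message naming the option.

use strict;
use warnings;

use Test::More tests => 3;
use HTML::Template;
use Scalar::Util qw(tainted);

# The template has to declare the variable that param() sets below.
# With HTML::Template's default die_on_bad_params behaviour, param() rejects
# names the template does not declare, so an empty template would abort the
# script before the force_untaint checks are reached.
my $text = qq{ <TMPL_VAR NAME="a"> };

my $template = HTML::Template->new(
    debug         => 0,
    scalarref     => \$text,
    force_untaint => 1,
);

# We can't manually taint a variable, can we?
# OK, let's use ENV{PATH} - it is usually set and tainted [sn]
#
# Precondition for the two checks below: if PATH is unset or untainted in
# the test environment, they would not be exercising the taint check at all.
ok(
    tainted($ENV{PATH}),
    "PATH environment variable must be set and tainted for these tests"
);

# Case 1: a tainted scalar handed straight to param().
# The failure is expected at output() time, hence the eval around output().
$template->param(a => $ENV{PATH});
eval { $template->output(); };
like(
    $@,
    qr/tainted value with 'force_untaint' option/,
    "set tainted value despite option force_untaint"
);

sub tainter {
    # coderef that returns a tainted value
    return $ENV{PATH};
}

# Case 2: the parameter is a coderef, so the tainted value only appears when
# the template calls it; the expected message is specific to coderefs.
$template->param(a => \&tainter);
eval { $template->output(); };
like(
    $@,
    qr/'force_untaint' option but coderef returns tainted value/,
    "coderef returns tainted value despite option force_untaint"
);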