Perl Security: 4. Handling tainted data

Cleaning tainted data

It's not as easy as copying it somewhere else: my $new = $dirty; will not put a clean copy of $dirty's value in $new; it will taint $new as well.

The value must seem to be generated out of thin air, or at least pretend to be.

A regular expression will do:

    sub clean {
        my ($dirty, $clean);
        $dirty = shift;
        # The pattern is not anchored: it captures the first run of
        # allowed characters and ignores whatever else $dirty holds.
        if ($dirty =~ /([\w\d\_\.]+)/) {
            # A captured substring ($1) is not tainted
            $clean = $1;
        } else {
            die "Oops... I am not sure on what to do in this one: $dirty";
        }
        return $clean;
    }
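An added example, not part of the original slides: under taint mode it shows that a plain copy stays tainted while a regex capture does not, and it compares the unanchored pattern from clean() with an anchored one that accepts a value only if all of it matches. The names clean_first_run and clean_strict and the sample strings are constructed for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string: appending it taints a constructed sample
# the same way real external input (arguments, environment, files) would be.
my $TAINT = substr("$0$^X", 0, 0);

# Same pattern as clean() on the slide: unanchored, so it returns the
# first run of allowed characters and silently drops the rest.
sub clean_first_run {
    my ($dirty) = @_;
    return $dirty =~ /([\w\d\_\.]+)/ ? $1 : undef;
}

# Hypothetical stricter variant: the whole value must consist of allowed
# characters, otherwise it is rejected instead of being truncated.
sub clean_strict {
    my ($dirty) = @_;
    if ($dirty =~ /\A([\w.]+)\z/) {
        return $1;    # capture groups are not tainted
    }
    die "Refusing value with unexpected characters\n";
}

# Constructed samples: one well-formed name, one with trailing extras.
for my $sample ('report.txt', 'report.txt;extra') {
    my $dirty  = $sample . $TAINT;
    my $copy   = $dirty;                        # assignment keeps the taint
    my $loose  = clean_first_run($dirty);
    my $strict = eval { clean_strict($dirty) }; # undef when rejected

    printf "input=%-18s copy_tainted=%d\n", "'$sample'", tainted($copy) ? 1 : 0;
    printf "  first-run match: %-12s tainted=%d\n",
        $loose // '(no match)', tainted($loose) ? 1 : 0;
    printf "  anchored match:  %-12s tainted=%d\n",
        $strict // '(rejected)', tainted($strict) ? 1 : 0;
}
```

Taint mode has to be enabled when the interpreter starts, so start it as perl -T or execute the file directly through its #! line.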