#!/usr/bin/perl -T
use locale;

# Implementation from perlsec(1) because Scalar::Util's isn't reliable
sub tainted { !eval{ eval("#". substr(join("", @_), 0, 0)); 1;} }
"foo" =~ /[xy]?(.*)/;
die "Boom!" if tainted($1);