http://qs321.pair.com?node_id=11145087


in reply to Any security holes?

Oh, among other issues, there are security concerns with this code.

You should be aware that the URL leading to your script doesn't need to be called by a browser. A malicious user could easily use LWP::UserAgent or a similar module to feed any complicated stuff into your script.

And yes, all these things have happened a lot of times. The OWASP top ten always lists "Injection" as a prominent security risk.

As a minimum security guard you should prevent user-provided HTML from being processed by the browser by using HTML::Entities or HTML::Escape to encode unsafe characters.
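The two points above (the request need not come from a browser, and user-supplied text must be entity-encoded before it is echoed into a page) in working Perl. This is an added example, not code from the original post or from the script under discussion; the target URL, the form field name `comment` and the hypothetical `comment.pl` script are assumptions made up for the demonstration.

```perl
#!/usr/bin/env perl
# Added example (not from the original post). Assumes a hypothetical CGI
# script at http://example.com/cgi-bin/comment.pl that reads a "comment"
# form field and echoes it back into the HTML it returns.
use strict;
use warnings;
use HTTP::Request::Common qw(POST);
use HTML::Entities qw(encode_entities);

# 1. The "not a browser" point: any client can build exactly the POST a
#    browser would send, with whatever bytes it likes in the form fields.
#    No form validation done in JavaScript on the page is ever consulted.
my $payload = q{<script>alert(document.cookie)</script>};
my $req = POST 'http://example.com/cgi-bin/comment.pl',
    [ comment => $payload ];

print "Request a browser never had to send:\n";
print $req->as_string, "\n";
# To actually send it: LWP::UserAgent->new->request($req)

# 2. The minimum guard on the server side: entity-encode before the value
#    reaches a browser. With no second argument encode_entities escapes
#    < > & " and non-ASCII; the explicit character list below also covers
#    the single quote so the value is safe inside single-quoted attributes.
sub render_comment {
    my ($untrusted) = @_;
    my $safe = encode_entities($untrusted, q{<>&"'});
    return "<p class='comment'>$safe</p>\n";
}

print "Unescaped (what an unguarded script emits):\n";
print "<p class='comment'>$payload</p>\n";
print "Escaped:\n";
print render_comment($payload);
```

Run it and compare the last two lines: the unescaped version hands the browser a live `<script>` element, while the escaped version renders the same bytes as visible text (`&lt;script&gt;...`). `HTML::Escape::escape_html` gives the same result for the five HTML metacharacters if you prefer that module; whichever you use, apply it at output time to every value that originated from the request, not only to the fields the form was "supposed" to carry.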