diff --git a/lib/SLUB/LZA/Rosetta/TA.pm b/lib/SLUB/LZA/Rosetta/TA.pm
index 87fd344f33fecbc7d7a44ebcfee74d05094646bd..81b21400c64208a4a8f3e268c97cec9fc9f21299 100644
--- a/lib/SLUB/LZA/Rosetta/TA.pm
+++ b/lib/SLUB/LZA/Rosetta/TA.pm
@@ -19,8 +19,14 @@ our %config;
 our %cache;
 our $cache_path;
 our $SALT = pack("H16", "There is no security by obscurity!");
-BEGIN{
-    my $home = path($ENV{'HOME'});
+BEGIN {
+    my $rx_psep = qr{[/\\]};
+    my $rx_abs  = qr{[A-Z]:};
+    my $rx_sub  = qr{([[:print:]]+)};
+    $ENV{'HOME'} =~ m{^(($rx_abs)?($rx_psep$rx_sub)+)$}m;
+    # untaint $homestr
+    my $homestr = $1;
+    my $home = path($homestr);
     if ($home->is_dir() && !$home->is_rootdir) {
         my $config_path = $home->child('.config')->child('ta-tool.rc');
         our $config_file = $config_path;
@@ -32,10 +38,11 @@ BEGIN{
             }
         }
         $cache_path = $home->child('.cache')->child('ta-tool.cache');
-        if ($cache_path->is_file and -s $cache_path < 8192*1024) { # if size > 8MB, write new at end, see END{}-block
+        if ($cache_path->is_file and -s $cache_path < 8192 * 1024) { # if size > 8MB, write new at end, see END{}-block
             %cache = YAML::LoadFile($cache_path);
         }
     }
+
 }
 
 END {