I'm passing a javascript 'escaped()' string to a CGI script via the QUERY_STRING.
This works as long as I don't use 'strict' but when I do I get this error

....can't use global $1

$ENV{'QUERY_STRING'} = "n%26d+a%20l%24"; # test result to be "n&d+a l$"
my $data = $ENV{'QUERY_STRING'};
my $data =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack('C',hex($1))/eg;
print "$data\n";

Is there a simple soultion?

You are declaring $data with my twice.

And just a note to simplify the regex. Since you know the two characters following a % are hex digits, there's no reason for the character classes, and pack('C', ...) can be more simply replaced with chr.$data =~ s/%(..)/chr hex $1/eg;

Dah!!! :o
And thanks for the tip on the simplification