Feature #6472

Multiline mode in regexp by default

Added by Sega100500 (Сергей Е) over 7 years ago. Updated over 7 years ago.

Status: Third Party's Issue
Priority: Normal
Assignee: -
Target version: [ruby-core:45148]

Description

When using regexp there can be a vulnerability:

http://homakov.blogspot.com/2012/05/saferweb-injects-in-various-ruby.html#more

Probably it happens because multiline mode in regexp is the default, but this is wrong. One should need to use the 'm' modifier to use this mode.

History

Updated by fxn (Xavier Noria) over 7 years ago

In Ruby there is no multiline flag, regexps in Ruby are always in multiline mode. See http://advogato.org/person/fxn/diary/498.html for some gotchas regarding regexp flags in Perl vs Ruby.

In Ruby, you need to use \A and \z (or \Z) to match start and end of string.
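The anchor behaviour described in the comment above, as an added example that is not part of the issue thread. The username rule, constant names and sample inputs are constructed for illustration; it also shows how `\Z` differs from `\z` and what Ruby's `/m` flag actually changes.

```ruby
# Added example: constructed validators and inputs, not from the issue thread.

# Hypothetical "username" rule: lowercase letters and digits only.
LINE_ANCHORED   = /^[a-z0-9]+$/    # ^ and $ match at every line boundary
STRING_ANCHORED = /\A[a-z0-9]+\z/  # \A and \z match only at string start/end
TRAILING_NL_OK  = /\A[a-z0-9]+\Z/  # \Z also matches before one final "\n"

def accepts?(pattern, input)
  pattern.match?(input)
end

# Constructed sample inputs.
SAMPLES = {
  "plain"            => "alice",
  "second line"      => "alice\nnot a username!",
  "leading line"     => "not a username!\nalice",
  "trailing newline" => "alice\n",
}.freeze

# One row per sample: [label, ^...$ result, \A...\z result, \A...\Z result]
def report
  SAMPLES.map do |label, input|
    [label,
     accepts?(LINE_ANCHORED, input),
     accepts?(STRING_ANCHORED, input),
     accepts?(TRAILING_NL_OK, input)]
  end
end

# In Ruby the /m flag only makes "." match newlines; it does not change ^ or $.
def dot_crosses_newline?(flagged)
  pattern = flagged ? /\Aa.b\z/m : /\Aa.b\z/
  pattern.match?("a\nb")
end

if __FILE__ == $PROGRAM_NAME
  report.each { |row| puts row.inspect }
  puts "dot matches newline with /m:    #{dot_crosses_newline?(true)}"
  puts "dot matches newline without /m: #{dot_crosses_newline?(false)}"
end
```

Only the `\A...\z` form rejects every input that is not exactly one valid value; `\A...\Z` still lets a single trailing newline through.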

Updated by shyouhei (Shyouhei Urabe) over 7 years ago

  • Status changed from Open to Third Party's Issue

Not a bug at least. Regexps are working as expected.
Ruby won't prevent you shooting your foot.
