Feature #6472

closed

Multiline mode in regexp by default

Added by Sega100500 (Сергей Е) about 10 years ago. Updated about 10 years ago.

Status: Third Party's Issue
Priority: Normal
Assignee: -
Target version:
[ruby-core:45148]

Description

When using regexp there can be a vulnerability:

http://homakov.blogspot.com/2012/05/saferweb-injects-in-various-ruby.html#more

Probably it happens because multiline mode in regexp is the default, but this is wrong. Need to use the 'm' modifier to use this mode.

Updated by fxn (Xavier Noria) about 10 years ago

In Ruby there is no multiline flag, regexps in Ruby are always in multiline mode. See http://advogato.org/person/fxn/diary/498.html for some gotchas regarding regexp flags in Perl vs Ruby.

In Ruby, you need to use \A and \z (or \Z) to match start and end of string.
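
The anchor behaviour described in the comment above, as an added example that is not part of the original thread: a hypothetical username pattern written with `^`/`$`, with `\A`/`\z`, and with `\A`/`\Z`, run over constructed inputs. It also shows that `\Z` still accepts one trailing newline, while `\z` does not.

```ruby
# Added example: the pattern, the method names and the sample inputs are
# constructed for illustration and do not come from the thread.

LINE_ANCHORED   = /^[a-z0-9_]+$/    # ^ and $ match at every line boundary
STRING_ANCHORED = /\A[a-z0-9_]+\z/  # \A and \z match only at the string's ends
TRAILING_NL_OK  = /\A[a-z0-9_]+\Z/  # \Z also matches before one final "\n"

# True when the pattern accepts the input.
def accepts?(pattern, input)
  pattern.match?(input)
end

# Constructed inputs, each with a short description of what it exercises.
SAMPLES = {
  "alice"              => "single clean line",
  "alice\n"            => "trailing newline",
  "alice\nsecond line" => "extra line after a valid first line",
  "first line\nalice"  => "valid line that is not the first one"
}.freeze

# Returns [input, ^$ result, \A\z result, \A\Z result] for every sample.
def audit(samples = SAMPLES)
  samples.keys.map do |input|
    [input,
     accepts?(LINE_ANCHORED, input),
     accepts?(STRING_ANCHORED, input),
     accepts?(TRAILING_NL_OK, input)]
  end
end

if __FILE__ == $PROGRAM_NAME
  audit.each do |input, line, strict, loose|
    puts format("%-24s ^$=%-5s \\A\\z=%-5s \\A\\Z=%s",
                input.inspect, line, strict, loose)
  end
end
```

Only the `\A...\z` form rejects every input that carries a newline, so it is the one to use when a value must be validated as a whole.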

Updated by shyouhei (Shyouhei Urabe) about 10 years ago

  • Status changed from Open to Third Party's Issue

Not a bug at least. Regexps are working as expected.
Ruby won't prevent you shooting your foot.
