Project

General

Profile

Actions
Copy link

Bug #8161

closed

String#+ should inherit untrustedness

Added by marcandre (Marc-Andre Lafortune) over 11 years ago. Updated about 11 years ago.

Status:
Closed
Assignee:
-
Target version:
2.1.0
ruby -v:
r39923
Backport:
[ruby-core:53705]

Description

As noted by Nikolai Weibull [ruby-core:53679], String#+ doesn't maintain untrustedness.

s = "foo".untrust
(s * 2).untrusted? # => true
(s + s).untrusted? # => false, should be true
(s + '').untrusted? # => false, should also be true
Actions
Copy link
 #1 [ruby-core:57347]

Updated by Anonymous about 11 years ago

  • Status changed from Open to Closed

Untrustedness is now deprecated and behaves the same as tainting.

Taintedness is properly propagated in your examples, so I'm closing this.

Actions
Copy link

Also available in: Atom PDF

Like0
Like0