Project

General

Profile

Actions

Bug #8161

closed

String#+ should inherit untrustedness

Added by marcandre (Marc-Andre Lafortune) over 9 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
ruby -v:
r39923
Backport:
[ruby-core:53705]

Description

As noted by Nikolai Weibull [ruby-core:53679], String#+ doesn't maintain untrustedness.

s = "foo".untrust
(s * 2).untrusted? # => true
(s + s).untrusted? # => false, should be true
(s + '').untrusted? # => false, should also be true

Updated by charliesome (Charlie Somerville) about 9 years ago

  • Status changed from Open to Closed

Untrustedness is now deprecated and behaves the same as tainting.

Taintedness is properly propagated in your examples, so I'm closing this.

Actions

Also available in: Atom PDF

Like0
Like0