Project

General

Profile

Bug #11855

CGI.escapeHTML and taint/frozen

Added by znz (Kazuhiro NISHIYAMA) over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
ruby -v:
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin15]
[ruby-dev:49451]

Description

taint フラグや frozen の扱いが変わってしまっているようです。

% ruby -v -r cgi -e 'p CGI.escapeHTML("".taint).tainted?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".taint).tainted?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
false
% ruby -v -r cgi -e 'p CGI.escapeHTML("".freeze).frozen?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".freeze).frozen?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
false
% ruby -v -r cgi -e 'p CGI.escapeHTML("".taint).tainted?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".taint).tainted?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("".freeze).frozen?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
false
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".freeze).frozen?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
false

Files

Associated revisions

Revision 1b107d48
Added by nobu (Nobuyoshi Nakada) over 3 years ago

escape.c: Preserve original state

  • ext/cgi/escape/escape.c (preserve_original_state): Preserve original state for tainted and frozen. [Fix GH-1166] [ruby-dev:49451] [Bug #11855]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 53233
Added by nobu (Nobuyoshi Nakada) over 3 years ago

escape.c: Preserve original state

  • ext/cgi/escape/escape.c (preserve_original_state): Preserve original state for tainted and frozen. [Fix GH-1166] [ruby-dev:49451] [Bug #11855]

Revision 53233
Added by nobu (Nobuyoshi Nakada) over 3 years ago

escape.c: Preserve original state

  • ext/cgi/escape/escape.c (preserve_original_state): Preserve original state for tainted and frozen. [Fix GH-1166] [ruby-dev:49451] [Bug #11855]

Revision 53233
Added by nobu (Nobuyoshi Nakada) over 3 years ago

escape.c: Preserve original state

  • ext/cgi/escape/escape.c (preserve_original_state): Preserve original state for tainted and frozen. [Fix GH-1166] [ruby-dev:49451] [Bug #11855]

Revision 53233
Added by nobu (Nobuyoshi Nakada) over 3 years ago

escape.c: Preserve original state

  • ext/cgi/escape/escape.c (preserve_original_state): Preserve original state for tainted and frozen. [Fix GH-1166] [ruby-dev:49451] [Bug #11855]

Revision 53233
Added by nobu (Nobuyoshi Nakada) over 3 years ago

escape.c: Preserve original state

  • ext/cgi/escape/escape.c (preserve_original_state): Preserve original state for tainted and frozen. [Fix GH-1166] [ruby-dev:49451] [Bug #11855]

History

Updated by k0kubun (Takashi Kokubun) over 3 years ago

ご報告ありがとうございます。修正パッチを書きました。

https://github.com/ruby/ruby/pull/1166

#2

Updated by nobu (Nobuyoshi Nakada) over 3 years ago

  • Status changed from Open to Closed

Applied in changeset r53233.


escape.c: Preserve original state

  • ext/cgi/escape/escape.c (preserve_original_state): Preserve original state for tainted and frozen. [Fix GH-1166] [ruby-dev:49451] [Bug #11855]

Updated by usa (Usaku NAKAMURA) over 3 years ago

  • Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: DONTNEED, 2.1: DONTNEED, 2.2: DONTNEED

Also available in: Atom PDF