Bug #11855 (closed)
CGI.escapeHTML and taint/frozen
Status: Closed
Assignee: -
Target version: -
ruby -v: ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin15]
Description
The handling of the taint flag and of frozen strings seems to have changed.
% ruby -v -r cgi -e 'p CGI.escapeHTML("".taint).tainted?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".taint).tainted?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
false
% ruby -v -r cgi -e 'p CGI.escapeHTML("".freeze).frozen?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".freeze).frozen?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
false
% ruby -v -r cgi -e 'p CGI.escapeHTML("".taint).tainted?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".taint).tainted?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("".freeze).frozen?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
false
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".freeze).frozen?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
false
Updated by k0kubun (Takashi Kokubun) over 8 years ago
- File 0001-Preserve-original-state-for-tainted-and-frozen.patch added
- ruby -v changed from ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14] to ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin15]
Thank you for the report. I have written a fix patch.
Updated by nobu (Nobuyoshi Nakada) over 8 years ago
- Status changed from Open to Closed
Applied in changeset r53233.
escape.c: Preserve original state
- ext/cgi/escape/escape.c (preserve_original_state): Preserve
original state for tainted and frozen. [Fix GH-1166]
[ruby-dev:49451] [Bug #11855]
Updated by usa (Usaku NAKAMURA) about 8 years ago
- Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: DONTNEED, 2.1: DONTNEED, 2.2: DONTNEED