Actions
Bug #11858
closed
CGI.escapeHTML should NOT return frozen string
Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux]
Description
After r53220, following snippet fails.
$ ./ruby -rcgi -ve 'p CGI.escapeHTML("Hello, ".freeze) << "world."'
ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux]
-e:1:in `<main>': can't modify frozen String (RuntimeError)
In preview2, works.
$ RBENV_VERSION=2.3.0-preview2 ruby -rcgi -ve 'p CGI.escapeHTML("Hello, ".freeze) << "world."'
ruby 2.3.0preview2 (2015-12-11 trunk 53028) [x86_64-linux]
"Hello, world."
I think this is backward incompatibility.
CGI.escapeHTML should return different and unfreezed string from passed string as String#gsub.
$ ./irb
ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux]
irb(main):001:0> str = "Ruby".freeze
=> "Ruby"
irb(main):002:0> str.object_id
=> 70236871355920
irb(main):003:0> str.gsub(/\d/, '').frozen?
=> false
irb(main):004:0> str.gsub(/\d/, '').object_id
=> 70236871220100 # different object
irb(main):006:0> require 'cgi'
=> true
irb(main):007:0> CGI.escapeHTML(str).frozen?
=> true
irb(main):008:0> CGI.escapeHTML(str).object_id
=> 70236871355920 # same object
Files
Updated by Tietew (Toru Iwase) about 9 years ago
- File escapehtml_dup_str.patch escapehtml_dup_str.patch added
Attached a suggested patch.
This patch also adds some tests for not-modified patterns.
Updated by nobu (Nobuyoshi Nakada) about 9 years ago
- Status changed from Open to Closed
Applied in changeset r53234.
escape.c: should not freeze
- ext/cgi/escape/escape.c (optimized_escape_html): CGI.escapeHTML
should return unfrozen new string.
[ruby-core:72426] [Bug #11858]
Updated by usa (Usaku NAKAMURA) almost 9 years ago
- Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: DONTNEED, 2.1: DONTNEED, 2.2: DONTNEED
Updated by k0kubun (Takashi Kokubun) about 2 years ago
- Related to Feature #19090: Do not duplicate an unescaped string in CGI.escapeHTML added
Actions
Like0
Like0Like0Like0Like0