Project

General

Profile

Actions
Copy link

Bug #11858

closed

CGI.escapeHTML should NOT return frozen string

Added by Tietew (Toru Iwase) about 9 years ago. Updated almost 9 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux]
Backport:
2.0.0: DONTNEED, 2.1: DONTNEED, 2.2: DONTNEED
[ruby-core:72426]

Description

After r53220, following snippet fails.

$ ./ruby -rcgi -ve 'p CGI.escapeHTML("Hello, ".freeze) << "world."'
ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux]
-e:1:in `<main>': can't modify frozen String (RuntimeError)

In preview2, works.

$ RBENV_VERSION=2.3.0-preview2 ruby -rcgi -ve 'p CGI.escapeHTML("Hello, ".freeze) << "world."'
ruby 2.3.0preview2 (2015-12-11 trunk 53028) [x86_64-linux]
"Hello, world."

I think this is backward incompatibility.
CGI.escapeHTML should return different and unfreezed string from passed string as String#gsub.

$ ./irb
ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux]
irb(main):001:0> str = "Ruby".freeze
=> "Ruby"
irb(main):002:0> str.object_id
=> 70236871355920
irb(main):003:0> str.gsub(/\d/, '').frozen?
=> false
irb(main):004:0> str.gsub(/\d/, '').object_id
=> 70236871220100  # different object
irb(main):006:0> require 'cgi'
=> true
irb(main):007:0> CGI.escapeHTML(str).frozen?
=> true
irb(main):008:0> CGI.escapeHTML(str).object_id
=> 70236871355920  # same object

Files

escapehtml_dup_str.patch (2.06 KB) escapehtml_dup_str.patch Tietew (Toru Iwase), 12/22/2015 03:08 AM

Related issues 1 (0 open1 closed)

Related to Ruby master - Feature #19090: Do not duplicate an unescaped string in CGI.escapeHTMLClosedActions
Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0Like0