Project

General

Profile

Actions

Feature #14225

closed

untaint hash key strings

Added by normalperson (Eric Wong) almost 7 years ago. Updated about 3 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:84412]

Description

Since we are working on deprecating and removing $SAFE for [Feature #5455],
I propose untainting all string keys used for hashes in Ruby 2.6.

It will make implementing [Feature #13725] (fstring dedupe of hash keys) easier.

Furthermore, Perl (which I assume is the influence for tainting in Ruby) does
not taint hash keys. In fact, perlsec(1) manpage states:
"Hash keys are never tainted"
cf. http://perldoc.perl.org/perlsec.html

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0