Ruby

I think we should remove tainting as a whole along with $SAFE.
Untainting automatically seems bad practice and counter-intuitive.

eregontp@gmail.com wrote:

Issue #14225 has been updated by Eregon (Benoit Daloze).

I think we should remove tainting as a whole along with $SAFE.

Agreed.

Untainting automatically seems bad practice and counter-intuitive.

It wouldn't untaint the actual non-frozen string; but the frozen
copy which is auto-created when a non-frozen string is used as a
hash key. In other words, it should become:

h = {}
f = 'foo'.taint
h[f] = :bar
h.keys[0].taint? # => false (true in <= 2.5)

# In any version of Ruby, it'll stay:
h.keys[0].object_id != f
# unless f is already frozen

Anyways, I think the change to remove taint should be gradual
(like $SAFE removal) so people ahve time to adapt; and this is
one step.

https://bugs.ruby-lang.org/issues/14225

Proposed patch here:
https://80x24.org/spew/20171230025109.1946-1-e@80x24.org/raw