Feature #6472

Multiline mode in regexp by default

Added by Сергей Е over 4 years ago. Updated over 4 years ago.

Status: Third Party's Issue
Priority: Normal
Assignee: -
[ruby-core:45148]

Description

When using regexp there can be a vulnerability:

http://homakov.blogspot.com/2012/05/saferweb-injects-in-various-ruby.html#more

Probably it happens because multiline mode in regexp is the default, but this is wrong. Need to use the 'm' modifier to use this mode.

History

#1 [ruby-core:45149] Updated by Xavier Noria over 4 years ago

In Ruby there is no multiline flag, regexps in Ruby are always in multiline mode. See http://advogato.org/person/fxn/diary/498.html for some gotchas regarding regexp flags in Perl vs Ruby.

In Ruby, you need to use \A and \z (or \Z) to match start and end of string.
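
The difference between line anchors and string anchors discussed in this thread, as an added Ruby example that is not part of the original issue. The patterns, the sample inputs and the `line_anchored?` audit helper are constructed for illustration.

```ruby
# Line-anchored: in Ruby, ^ and $ match at every line boundary.
LINE_ANCHORED   = /^[a-z0-9_]+$/
# String-anchored: \A and \z match only at the very start and very end.
STRING_ANCHORED = /\A[a-z0-9_]+\z/
# \Z additionally tolerates a single trailing newline before the end.
TRAILING_NL_OK  = /\A[a-z0-9_]+\Z/

# Constructed sample inputs.
SINGLE   = "valid_name"
MULTI    = "valid_name\nsecond line with <other> characters"
TRAILING = "valid_name\n"

# Returns true when the validation pattern accepts the input.
def accepts?(pattern, input)
  pattern.match?(input)
end

# Hypothetical audit helper: reports whether a validation regexp still uses
# ^ or $ as anchors. Heuristic only: it ignores escaped characters and simple
# character classes, and does not understand nested classes.
def line_anchored?(pattern)
  src = pattern.source.gsub(/\\./, "")   # drop escapes such as \A, \z, \$
  src = src.gsub(/\[[^\]]*\]/, "")       # drop classes such as [^a-z]
  src.match?(/[\^$]/)
end

# In Ruby, /m only makes "." match newlines; it does not change ^ and $.
DOT_PLAIN   = /\Aa.b\z/
DOT_NEWLINE = /\Aa.b\z/m

if __FILE__ == $PROGRAM_NAME
  { "LINE_ANCHORED" => LINE_ANCHORED,
    "STRING_ANCHORED" => STRING_ANCHORED,
    "TRAILING_NL_OK" => TRAILING_NL_OK }.each do |name, re|
    results = [SINGLE, MULTI, TRAILING].map { |s| accepts?(re, s) }
    puts format("%-16s single=%s multi=%s trailing=%s audit_flag=%s",
                name, *results, line_anchored?(re))
  end
end
```

Running `line_anchored?` over the patterns used for input validation in a code base is a quick way to find checks that only constrain one line of the input.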

#2 [ruby-core:45150] Updated by Shyouhei Urabe over 4 years ago

  • Status changed from Open to Third Party's Issue

Not a bug at least. Regexps are working as expected.
Ruby won't prevent you shooting your foot.
