Feature #6472

Multiline mode in regexp by default

Added by Сергей Е almost 2 years ago. Updated almost 2 years ago.

[ruby-core:45148]
Status: Third Party's Issue
Priority: Normal
Assignee: -
Category: core
Target version: 1.9.3

Description

When using regexp there can be a vulnerability:

http://homakov.blogspot.com/2012/05/saferweb-injects-in-various-ruby.html#more

Probably it happens because multiline mode in regexp is the default, but this is wrong. Need to use the 'm' modifier to use this mode.

History

#1 Updated by Xavier Noria almost 2 years ago

In Ruby there is no multiline flag, regexps in Ruby are always in multiline mode. See http://advogato.org/person/fxn/diary/498.html for some gotchas regarding regexp flags in Perl vs Ruby.

In Ruby, you need to use \A and \z (or \Z) to match start and end of string.
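The anchor behaviour described in comment #1, as an added example that is not part of the original thread: it runs the same character-class check with line anchors (`^`, `$`) and with string anchors (`\A`, `\z`, `\Z`) over inputs containing newlines. The pattern names, the `verdicts` helper and the sample strings are constructed for illustration.

```ruby
# Added example: line anchors (^ $) versus string anchors (\A \z \Z) in Ruby.
# The patterns and sample inputs are constructed for illustration.

LINE_ANCHORED   = /^[a-z0-9_]+$/    # matches if ANY line of the input fits
STRING_ANCHORED = /\A[a-z0-9_]+\z/  # matches only if the WHOLE string fits
TRAILING_NL_OK  = /\A[a-z0-9_]+\Z/  # like \z, but tolerates one final "\n"

def valid?(pattern, input)
  pattern.match?(input)
end

# Reports which validators accept a given input.
def verdicts(input)
  {
    line:   valid?(LINE_ANCHORED, input),
    string: valid?(STRING_ANCHORED, input),
    big_z:  valid?(TRAILING_NL_OK, input)
  }
end

SAMPLES = [
  "alice",                 # clean value
  "alice\n",               # trailing newline
  "alice\nsecond line!!",  # valid first line, arbitrary second line
  "!!first line\nalice"    # arbitrary first line, valid second line
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |s| puts "#{s.inspect.ljust(28)} #{verdicts(s)}" }
end
```

Only the `\A...\z` form rejects every input that is not exactly one clean value; `\Z` still accepts a single trailing newline, which matters when the validated string is later stored or compared byte for byte.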

#2 Updated by Shyouhei Urabe almost 2 years ago

  • Status changed from Open to Third Party's Issue

Not a bug at least. Regexps are working as expected.
Ruby won't prevent you shooting your foot.
