Bug #8161

String#+ should inherit untrustedness

Added by Marc-Andre Lafortune over 2 years ago. Updated almost 2 years ago.

[ruby-core:53705]
Status:Closed
Priority:Normal
Assignee:-
ruby -v:r39923 Backport:

Description

As noted by Nikolai Weibull , String#+ doesn't maintain untrustedness.

s = "foo".untrust
(s * 2).untrusted? # => true
(s + s).untrusted? # => false, should be true
(s + '').untrusted? # => false, should also be true

History

#1 Updated by Charlie Somerville almost 2 years ago

  • Status changed from Open to Closed

Untrustedness is now deprecated and behaves the same as tainting.

Taintedness is properly propagated in your examples, so I'm closing this.

Also available in: Atom PDF