Bug #8161

String#+ should inherit untrustedness

Added by Marc-Andre Lafortune about 1 year ago. Updated 7 months ago.

[ruby-core:53705]
Status:Closed
Priority:Normal
Assignee:-
Category:core
Target version:2.1.0
ruby -v:r39923 Backport:

Description

As noted by Nikolai Weibull , String#+ doesn't maintain untrustedness.

s = "foo".untrust
(s * 2).untrusted? # => true
(s + s).untrusted? # => false, should be true
(s + '').untrusted? # => false, should also be true

History

#1 Updated by Charlie Somerville 7 months ago

  • Status changed from Open to Closed

Untrustedness is now deprecated and behaves the same as tainting.

Taintedness is properly propagated in your examples, so I'm closing this.

Also available in: Atom PDF