Project

General

Profile

Actions

Bug #8161

closed

String#+ should inherit untrustedness

Added by marcandre (Marc-Andre Lafortune) almost 11 years ago. Updated over 10 years ago.

Status:
Closed
Assignee:
-
Target version:
ruby -v:
r39923
Backport:
[ruby-core:53705]

Description

As noted by Nikolai Weibull [ruby-core:53679], String#+ doesn't maintain untrustedness.

s = "foo".untrust
(s * 2).untrusted? # => true
(s + s).untrusted? # => false, should be true
(s + '').untrusted? # => false, should also be true

Updated by Anonymous over 10 years ago

  • Status changed from Open to Closed

Untrustedness is now deprecated and behaves the same as tainting.

Taintedness is properly propagated in your examples, so I'm closing this.

Actions

Also available in: Atom PDF

Like0
Like0