Project

General

Profile

Bug #8161

String#+ should inherit untrustedness

Added by Marc-Andre Lafortune over 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
ruby -v:
r39923
Backport:
[ruby-core:53705]

Description

As noted by Nikolai Weibull , String#+ doesn't maintain untrustedness.

s = "foo".untrust
(s * 2).untrusted? # => true
(s + s).untrusted? # => false, should be true
(s + '').untrusted? # => false, should also be true

History

#1 [ruby-core:57347] Updated by Charlie Somerville about 3 years ago

  • Status changed from Open to Closed

Untrustedness is now deprecated and behaves the same as tainting.

Taintedness is properly propagated in your examples, so I'm closing this.

Also available in: Atom PDF