From: tietew@... Date: 2015-12-22T03:09:50+00:00 Subject: [ruby-core:72427] [Ruby trunk - Bug #11858] CGI.escapeHTML should NOT return frozen string Issue #11858 has been updated by Toru Iwase. File escapehtml_dup_str.patch added Attached a suggested patch. This patch also adds some tests for not-modified patterns. ---------------------------------------- Bug #11858: CGI.escapeHTML should NOT return frozen string https://bugs.ruby-lang.org/issues/11858#change-55719 * Author: Toru Iwase * Status: Open * Priority: Normal * Assignee: * ruby -v: ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux] * Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN ---------------------------------------- After r53220, following snippet fails. ~~~ $ ./ruby -rcgi -ve 'p CGI.escapeHTML("Hello, ".freeze) << "world."' ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux] -e:1:in `
': can't modify frozen String (RuntimeError) ~~~ In preview2, works. ~~~ $ RBENV_VERSION=2.3.0-preview2 ruby -rcgi -ve 'p CGI.escapeHTML("Hello, ".freeze) << "world."' ruby 2.3.0preview2 (2015-12-11 trunk 53028) [x86_64-linux] "Hello, world." ~~~ I think this is backward incompatibility. `CGI.escapeHTML` should return different and unfreezed string from passed string as `String#gsub`. ~~~ $ ./irb ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux] irb(main):001:0> str = "Ruby".freeze => "Ruby" irb(main):002:0> str.object_id => 70236871355920 irb(main):003:0> str.gsub(/\d/, '').frozen? => false irb(main):004:0> str.gsub(/\d/, '').object_id => 70236871220100 # different object irb(main):006:0> require 'cgi' => true irb(main):007:0> CGI.escapeHTML(str).frozen? => true irb(main):008:0> CGI.escapeHTML(str).object_id => 70236871355920 # same object ~~~ ---Files-------------------------------- escapehtml_dup_str.patch (2.06 KB) -- https://bugs.ruby-lang.org/