From: tietew@...
Date: 2015-12-22T03:09:50+00:00
Subject: [ruby-core:72427] [Ruby trunk - Bug #11858] CGI.escapeHTML should NOT return frozen string

Issue #11858 has been updated by Toru Iwase.

File escapehtml_dup_str.patch added

Attached a suggested patch.
This patch also adds some tests for not-modified patterns.


----------------------------------------
Bug #11858: CGI.escapeHTML should NOT return frozen string
https://bugs.ruby-lang.org/issues/11858#change-55719

* Author: Toru Iwase
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
After r53220, following snippet fails.

~~~
$ ./ruby -rcgi -ve 'p CGI.escapeHTML("Hello, ".freeze) << "world."'
ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux]
-e:1:in `<main>': can't modify frozen String (RuntimeError)
~~~

In preview2, works.

~~~
$ RBENV_VERSION=2.3.0-preview2 ruby -rcgi -ve 'p CGI.escapeHTML("Hello, ".freeze) << "world."'
ruby 2.3.0preview2 (2015-12-11 trunk 53028) [x86_64-linux]
"Hello, world."
~~~

I think this is backward incompatibility.
`CGI.escapeHTML` should return different and unfreezed string from passed string as `String#gsub`.

~~~
$ ./irb
ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux]
irb(main):001:0> str = "Ruby".freeze
=> "Ruby"
irb(main):002:0> str.object_id
=> 70236871355920
irb(main):003:0> str.gsub(/\d/, '').frozen?
=> false
irb(main):004:0> str.gsub(/\d/, '').object_id
=> 70236871220100  # different object
irb(main):006:0> require 'cgi'
=> true
irb(main):007:0> CGI.escapeHTML(str).frozen?
=> true
irb(main):008:0> CGI.escapeHTML(str).object_id
=> 70236871355920  # same object
~~~


---Files--------------------------------
escapehtml_dup_str.patch (2.06 KB)


-- 
https://bugs.ruby-lang.org/