[ruby-dev:49452] [Ruby trunk - Bug #11855] CGI.escapeHTML and taint/frozen

From: takashikkbn@...
Date: 2015-12-21 15:01:41 UTC
List: ruby-dev #49452
Issue #11855 has been updated by Takashi Kokubun.

File 0001-Preserve-original-state-for-tainted-and-frozen.patch added
ruby -v changed from ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14] to ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin15]

Thank you for the report. I have written a fix patch.

https://github.com/ruby/ruby/pull/1166

----------------------------------------
Bug #11855: CGI.escapeHTML and taint/frozen
https://bugs.ruby-lang.org/issues/11855#change-55712

* Author: Kazuhiro NISHIYAMA
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin15]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
It seems that the handling of the taint flag and the frozen state has changed.

~~~
% ruby -v -r cgi -e 'p CGI.escapeHTML("".taint).tainted?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".taint).tainted?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
false
% ruby -v -r cgi -e 'p CGI.escapeHTML("".freeze).frozen?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".freeze).frozen?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
false
~~~

~~~
% ruby -v -r cgi -e 'p CGI.escapeHTML("".taint).tainted?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".taint).tainted?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("".freeze).frozen?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
false
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".freeze).frozen?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
false
~~~


---Files--------------------------------
0001-Preserve-original-state-for-tainted-and-frozen.patch (1.88 KB)


-- 
https://bugs.ruby-lang.org/
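The four shell commands in the report probe one property: whether an escaper's output carries the same tainted/frozen state as its input regardless of whether any character actually needed escaping. The script below is an added example, not the reporter's code and not the fix in the linked pull request; it folds those probes into one check (`state_report`, `consistent?`) and places a pure-Ruby escaper (`escape_html_preserving_state`, a constructed name) next to `CGI.escapeHTML` for comparison. It assumes nothing about which Ruby version it runs on: the taint calls are guarded with `respond_to?` because taint tracking is a no-op on Ruby 3.0/3.1 and removed in 3.2.

```ruby
require 'cgi'

# Escape table matching what CGI.escapeHTML substitutes.
HTML_ESCAPE_TABLE = {
  "'" => '&#39;', '&' => '&amp;', '"' => '&quot;', '<' => '&lt;', '>' => '&gt;'
}.freeze

# Constructed pure-Ruby escaper: same substitutions as CGI.escapeHTML, but the
# frozen and (where it exists) tainted state of the input is copied onto the
# result in every case, so the flags do not depend on the input's content.
def escape_html_preserving_state(str)
  # String#gsub always returns a new, unfrozen, untainted string, even when
  # nothing matched, so the flags have to be copied back explicitly.
  escaped = str.gsub(/['&"<>]/, HTML_ESCAPE_TABLE)
  # Taint tracking only exists on Ruby < 3.2 (and is a no-op on 3.0/3.1).
  escaped.taint if str.respond_to?(:tainted?) && str.tainted?
  escaped.freeze if str.frozen?
  escaped
end

# Mirrors the report's four commands for any escaper: one input that needs
# escaping ("&") and one that does not (""), each checked for frozen and,
# on Rubies that still have it, tainted state of the output.
def state_report(escaper)
  report = {}
  ["", "&"].each do |src|
    report["frozen:#{src.inspect}"] = escaper.call(src.dup.freeze).frozen?
    if src.respond_to?(:tainted?)
      report["tainted:#{src.inspect}"] = escaper.call(src.dup.taint).tainted?
    end
  end
  report
end

# An escaper is consistent when each flag is either always or never preserved,
# independent of whether escaping happened. The report's trunk output
# (true/false for taint, true/false for frozen) is the inconsistent case.
def consistent?(report)
  flags = report.keys.map { |k| k.split(":").first }.uniq
  flags.all? do |flag|
    report.select { |k, _| k.start_with?("#{flag}:") }.values.uniq.size == 1
  end
end

if __FILE__ == $0
  cgi_report = state_report(CGI.method(:escapeHTML))
  own_report = state_report(method(:escape_html_preserving_state))
  puts "CGI.escapeHTML              #{cgi_report}  consistent=#{consistent?(cgi_report)}"
  puts "escape_html_preserving_state #{own_report}  consistent=#{consistent?(own_report)}"
end
```

Run it with `ruby -v` on the interpreter under test and compare the two lines; the first line reproduces the report's observation for whatever `cgi/escape` that Ruby ships, and the second shows the behaviour the report expects. The security-relevant detail is the taint row: on Rubies that still track taint, an escaper that drops the flag only when it rewrites the string makes an untrusted value look trusted precisely when it contained markup characters.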
