ruby-dev

[#49487] [Ruby trunk Bug#11843] enc/windows_1250.c syntax error with fcc on Solaris -- C++(C99)-style comments should not be used — usa@...

Issue #11843 has been updated by Usaku NAKAMURA.

1 message 2016/02/03

[#49488] [Ruby trunk Bug#11853] "variable.c line 43: warning: modification of typedef with int ignored" on Solaris — usa@...

Issue #11853 has been updated by Usaku NAKAMURA.

1 message 2016/02/03

[#49489] [Ruby trunk Bug#11742] lib/webrick/utils.rb:196:in `register': ERROR RuntimeError: can't add a new key into hash during iteration — usa@...

Issue #11742 has been updated by Usaku NAKAMURA.

1 message 2016/02/03

[#49490] [Ruby trunk Bug#11855] CGI.escapeHTML and taint/frozen — usa@...

Issue #11855 has been updated by Usaku NAKAMURA.

1 message 2016/02/03

[#49491] [Ruby trunk Bug#11742] lib/webrick/utils.rb:196:in `register': ERROR RuntimeError: can't add a new key into hash during iteration — ngotogenome@...

Issue #11742 has been updated by Naohisa Goto.

1 message 2016/02/03

[#49492] [Ruby trunk Bug#11742] lib/webrick/utils.rb:196:in `register': ERROR RuntimeError: can't add a new key into hash during iteration — usa@...

Issue #11742 has been updated by Usaku NAKAMURA.

1 message 2016/02/03

[#49493] [Ruby trunk Bug#12052] String#encode with xml option returns wrong result — nobu@...

Issue #12052 has been reported by Nobuyoshi Nakada.

1 message 2016/02/05

[#49494] [Ruby trunk Bug#11834] Backport r53168, r53169 (String#scrub, #encode infection) — nagachika00@...

Issue #11834 has been updated by Tomoyuki Chikanaga.

1 message 2016/02/14

[#49496] DevelopersMeeting20160316Japan — SASADA Koichi <ko1@...>

Hi,

3 messages 2016/02/16

[#49514] Re: [ruby-core:73832] DevelopersMeeting20160316Japan — SASADA Koichi <ko1@...> 2016/03/16

log:

[#49517] Re: [ruby-core:74379] Re: DevelopersMeeting20160316Japan — "Shota Fukumori (sora_h)" <sorah@...> 2016/03/16

oh, it wasn't published. now /pub url should be able to access now.

[#49497] [Ruby trunk Bug#12087] Find.find に存在しないパスを渡した時のエラーにパス名がない — tommy@...

Issue #12087 has been reported by Masahiro Tomita.

1 message 2016/02/19

[#49498] [Ruby trunk Bug#12089] Raise not stable NameError — alpaca-tc@...

Issue #12089 has been reported by Hiroyuki Ishii.

1 message 2016/02/19

[#49499] [Ruby trunk Bug#12087] Find.find に存在しないパスを渡した時のエラーにパス名がない — usa@...

Issue #12087 has been updated by Usaku NAKAMURA.

1 message 2016/02/23

[#49500] [Ruby trunk Bug#11843] enc/windows_1250.c syntax error with fcc on Solaris -- C++(C99)-style comments should not be used — nagachika00@...

Issue #11843 has been updated by Tomoyuki Chikanaga.

1 message 2016/02/23

[#49501] [Ruby trunk Bug#11843] enc/windows_1250.c syntax error with fcc on Solaris -- C++(C99)-style comments should not be used — nagachika00@...

Issue #11843 has been updated by Tomoyuki Chikanaga.

1 message 2016/02/23

[#49502] [Ruby trunk Bug#12089] Raise not stable NameError — nobu@...

Issue #12089 has been updated by Nobuyoshi Nakada.

1 message 2016/02/25

[#49503] [Ruby trunk Bug#11898] backport r53346-r53349 — usa@...

Issue #11898 has been updated by Usaku NAKAMURA.

1 message 2016/02/25

[#49504] [Ruby trunk Feature#4146] Improvement of Symbol and Proc — nobu@...

Issue #4146 has been updated by Nobuyoshi Nakada.

1 message 2016/02/27

[#49505] [Ruby trunk Bug#12121] 異なる名前空間にある同名の定数により Module.constans の結果の並びが変わる — koic.ito@...

Issue #12121 has been reported by Koichi ITO.

1 message 2016/02/27

[#49506] [Ruby trunk Bug#12121][Rejected] 異なる名前空間にある同名の定数により Module.constans の結果の並びが変わる — nobu@...

Issue #12121 has been updated by Nobuyoshi Nakada.

1 message 2016/02/28

[#49507] [Ruby trunk Bug#12121][Feedback] 異なる名前空間にある同名の定数により Module.constans の結果の並びが変わる — nobu@...

Issue #12121 has been updated by Nobuyoshi Nakada.

1 message 2016/02/28

[#49508] [Ruby trunk Bug#12121] 異なる名前空間にある同名の定数により Module.constans の結果の並びが変わる — koic.ito@...

Issue #12121 has been updated by Koichi ITO.

1 message 2016/02/28

[ruby-dev:49490] [Ruby trunk Bug#11855] CGI.escapeHTML and taint/frozen

From: usa@...

Date: 2016-02-03 10:44:52 UTC

List: ruby-dev #49490

Issue #11855 has been updated by Usaku NAKAMURA.

Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: DONTNEED, 2.1: DONTNEED, 2.2: DONTNEED

----------------------------------------
Bug #11855: CGI.escapeHTML and taint/frozen
https://bugs.ruby-lang.org/issues/11855#change-56868

* Author: Kazuhiro NISHIYAMA
* Status: Closed
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin15]
* Backport: 2.0.0: DONTNEED, 2.1: DONTNEED, 2.2: DONTNEED
----------------------------------------
taint フラグや frozen の扱いが変わってしまっているようです。

~~~
% ruby -v -r cgi -e 'p CGI.escapeHTML("".taint).tainted?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".taint).tainted?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
false
% ruby -v -r cgi -e 'p CGI.escapeHTML("".freeze).frozen?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".freeze).frozen?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
false
~~~

~~~
% ruby -v -r cgi -e 'p CGI.escapeHTML("".taint).tainted?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".taint).tainted?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("".freeze).frozen?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
false
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".freeze).frozen?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
false
~~~


---Files--------------------------------
0001-Preserve-original-state-for-tainted-and-frozen.patch (1.88 KB)


-- 
https://bugs.ruby-lang.org/

Thread

Prev Next

In This Thread

Prev Next