ruby-dev

[#49487] [Ruby trunk Bug#11843] enc/windows_1250.c syntax error with fcc on Solaris -- C++(C99)-style comments should not be used — usa@...

Issue #11843 has been updated by Usaku NAKAMURA.

1 message 2016/02/03

[#49488] [Ruby trunk Bug#11853] "variable.c line 43: warning: modification of typedef with int ignored" on Solaris — usa@...

SXNzdWUgIzExODUzIGhhcyBiZWVuIHVwZGF0ZWQgYnkgVXNha3UgTkFLQU1V

1 message 2016/02/03

[#49489] [Ruby trunk Bug#11742] lib/webrick/utils.rb:196:in `register': ERROR RuntimeError: can't add a new key into hash during iteration — usa@...

Issue #11742 has been updated by Usaku NAKAMURA.

1 message 2016/02/03

[#49490] [Ruby trunk Bug#11855] CGI.escapeHTML and taint/frozen — usa@...

Issue #11855 has been updated by Usaku NAKAMURA.

1 message 2016/02/03

[#49491] [Ruby trunk Bug#11742] lib/webrick/utils.rb:196:in `register': ERROR RuntimeError: can't add a new key into hash during iteration — ngotogenome@...

SXNzdWUgIzExNzQyIGhhcyBiZWVuIHVwZGF0ZWQgYnkgTmFvaGlzYSBHb3Rv

1 message 2016/02/03

[#49492] [Ruby trunk Bug#11742] lib/webrick/utils.rb:196:in `register': ERROR RuntimeError: can't add a new key into hash during iteration — usa@...

SXNzdWUgIzExNzQyIGhhcyBiZWVuIHVwZGF0ZWQgYnkgVXNha3UgTkFLQU1V

1 message 2016/02/03

[#49493] [Ruby trunk Bug#12052] String#encode with xml option returns wrong result — nobu@...

SXNzdWUgIzEyMDUyIGhhcyBiZWVuIHJlcG9ydGVkIGJ5IE5vYnV5b3NoaSBO

1 message 2016/02/05

[#49494] [Ruby trunk Bug#11834] Backport r53168, r53169 (String#scrub, #encode infection) — nagachika00@...

Issue #11834 has been updated by Tomoyuki Chikanaga.

1 message 2016/02/14

[#49496] DevelopersMeeting20160316Japan — SASADA Koichi <ko1@...>

Hi,

3 messages 2016/02/16

[#49514] Re: [ruby-core:73832] DevelopersMeeting20160316Japan — SASADA Koichi <ko1@...> 2016/03/16

log:

[#49517] Re: [ruby-core:74379] Re: DevelopersMeeting20160316Japan — "Shota Fukumori (sora_h)" <sorah@...> 2016/03/16

oh, it wasn't published. now /pub url should be able to access now.

[#49497] [Ruby trunk Bug#12087] Find.find に存在しないパスを渡した時のエラーにパス名がない — tommy@...

SXNzdWUgIzEyMDg3IGhhcyBiZWVuIHJlcG9ydGVkIGJ5IE1hc2FoaXJvIFRv

1 message 2016/02/19

[#49498] [Ruby trunk Bug#12089] Raise not stable NameError — alpaca-tc@...

Issue #12089 has been reported by Hiroyuki Ishii.

1 message 2016/02/19

[#49499] [Ruby trunk Bug#12087] Find.find に存在しないパスを渡した時のエラーにパス名がない — usa@...

Issue #12087 has been updated by Usaku NAKAMURA.

1 message 2016/02/23

[#49500] [Ruby trunk Bug#11843] enc/windows_1250.c syntax error with fcc on Solaris -- C++(C99)-style comments should not be used — nagachika00@...

Issue #11843 has been updated by Tomoyuki Chikanaga.

1 message 2016/02/23

[#49501] [Ruby trunk Bug#11843] enc/windows_1250.c syntax error with fcc on Solaris -- C++(C99)-style comments should not be used — nagachika00@...

Issue #11843 has been updated by Tomoyuki Chikanaga.

1 message 2016/02/23

[#49502] [Ruby trunk Bug#12089] Raise not stable NameError — nobu@...

Issue #12089 has been updated by Nobuyoshi Nakada.

1 message 2016/02/25

[#49503] [Ruby trunk Bug#11898] backport r53346-r53349 — usa@...

SXNzdWUgIzExODk4IGhhcyBiZWVuIHVwZGF0ZWQgYnkgVXNha3UgTkFLQU1V

1 message 2016/02/25

[#49504] [Ruby trunk Feature#4146] Improvement of Symbol and Proc — nobu@...

SXNzdWUgIzQxNDYgaGFzIGJlZW4gdXBkYXRlZCBieSBOb2J1eW9zaGkgTmFr

1 message 2016/02/27

[#49505] [Ruby trunk Bug#12121] 異なる名前空間にある同名の定数により Module.constans の結果の並びが変わる — koic.ito@...

SXNzdWUgIzEyMTIxIGhhcyBiZWVuIHJlcG9ydGVkIGJ5IEtvaWNoaSBJVE8u

1 message 2016/02/27

[#49506] [Ruby trunk Bug#12121][Rejected] 異なる名前空間にある同名の定数により Module.constans の結果の並びが変わる — nobu@...

SXNzdWUgIzEyMTIxIGhhcyBiZWVuIHVwZGF0ZWQgYnkgTm9idXlvc2hpIE5h

1 message 2016/02/28

[#49507] [Ruby trunk Bug#12121][Feedback] 異なる名前空間にある同名の定数により Module.constans の結果の並びが変わる — nobu@...

SXNzdWUgIzEyMTIxIGhhcyBiZWVuIHVwZGF0ZWQgYnkgTm9idXlvc2hpIE5h

1 message 2016/02/28

[#49508] [Ruby trunk Bug#12121] 異なる名前空間にある同名の定数により Module.constans の結果の並びが変わる — koic.ito@...

SXNzdWUgIzEyMTIxIGhhcyBiZWVuIHVwZGF0ZWQgYnkgS29pY2hpIElUTy4K

1 message 2016/02/28

[ruby-dev:49490] [Ruby trunk Bug#11855] CGI.escapeHTML and taint/frozen

From: usa@...

Date: 2016-02-03 10:44:52 UTC

List: ruby-dev #49490

Issue #11855 has been updated by Usaku NAKAMURA.

Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: =
DONTNEED, 2.1: DONTNEED, 2.2: DONTNEED

----------------------------------------
Bug #11855: CGI.escapeHTML and taint/frozen
https://bugs.ruby-lang.org/issues/11855#change-56868

* Author: Kazuhiro NISHIYAMA
* Status: Closed
* Priority: Normal
* Assignee:=20
* ruby -v: ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin15]
* Backport: 2.0.0: DONTNEED, 2.1: DONTNEED, 2.2: DONTNEED
----------------------------------------
taint =E3=83=95=E3=83=A9=E3=82=B0=E3=82=84 frozen =E3=81=AE=E6=89=B1=E3=81=
=84=E3=81=8C=E5=A4=89=E3=82=8F=E3=81=A3=E3=81=A6=E3=81=97=E3=81=BE=E3=81=A3=
=E3=81=A6=E3=81=84=E3=82=8B=E3=82=88=E3=81=86=E3=81=A7=E3=81=99=E3=80=82

~~~
% ruby -v -r cgi -e 'p CGI.escapeHTML("".taint).tainted?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".taint).tainted?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
false
% ruby -v -r cgi -e 'p CGI.escapeHTML("".freeze).frozen?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".freeze).frozen?'
ruby 2.3.0dev (2015-12-21 trunk 53230) [x86_64-darwin14]
false
~~~

~~~
% ruby -v -r cgi -e 'p CGI.escapeHTML("".taint).tainted?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".taint).tainted?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
true
% ruby -v -r cgi -e 'p CGI.escapeHTML("".freeze).frozen?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
false
% ruby -v -r cgi -e 'p CGI.escapeHTML("&".freeze).frozen?'
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-darwin14]
false
~~~


---Files--------------------------------
0001-Preserve-original-state-for-tainted-and-frozen.patch (1.88 KB)


--=20
https://bugs.ruby-lang.org/

Thread

Prev Next

In This Thread

Prev Next