Hello,

In message "[ruby-core:33338] [Ruby 1.9-Bug#4087][Open] String#scan(arg) taints results if arg is a Regexp but not if arg is a String"
    on Nov.25,2010 05:38:28, <redmine / ruby-lang.org> wrote:
> Bug #4087: String#scan(arg) taints results if arg is a Regexp but not if arg is a String
> Is this intended?

Maybe not.
patch for trunk.

Index: re.c =================================================================== --- re.c (revision 29923) +++ re.c (working copy) @@ -2443,6 +2443,7 @@ } ret = rb_reg_initialize(obj, RSTRING_PTR(str), RSTRING_LEN(str), enc, options, err, sourcefile, sourceline); + OBJ_INFECT(obj, str); RB_GC_GUARD(str); return ret; }
Regards, -- U.Nakamura <usa / garbagecollect.jp>