On Thu, Jun 09, 2011 at 07:49:06AM +0900, Yukihiro Matsumoto wrote:
> Hi,
>
> In message "Re: [ruby-core:36863] Object#trust vs Object#taint"
>     on Thu, 9 Jun 2011 06:37:13 +0900, Aaron Patterson <aaron / tenderlovemaking.com> writes:
>
> |What is the difference between tainting and untrusting an object?
>
> Tainting is a mark for data from the outside world.  Data from outside
> cannot be trusted.  Untrusting is a mark for data from untrusted code
> (that runs under $SAFE level 4).

So who decides to trust / untrust an object?

> |When should library authors taint vs untrust objects?
> |When should application authors taint or untrust objects?
>
> Basically you don't have to taint or untrust objects explicitly.  Ruby
> should mark those flags automatically.  The authors can clear those
> flags, but I recommend strict validation before clearing flags.

When does Ruby set the untrust flag?  I can't seem to find any
documentation on when that will happen.

-- 
Aaron Patterson
http://tenderlovemaking.com/