Issue #6472 has been reported by Sega100500 (妊快把忍快抄 圻忪抉志).

----------------------------------------
Feature #6472: Multiline mode in regexp by default
https://bugs.ruby-lang.org/issues/6472

Author: Sega100500 (妊快把忍快抄 圻忪抉志)
Status: Open
Priority: Normal
Assignee: 
Category: core
Target version: 1.9.3


When using regexp there can be a vulnerability:

http://homakov.blogspot.com/2012/05/saferweb-injects-in-various-ruby.html#more


Probably it happens because multiline mode in regexp is default, but this is wrong. Need use 'm' modificator to use this mode.


-- 
http://bugs.ruby-lang.org/