Issue #6472 has been updated by shyouhei (Shyouhei Urabe).

Status changed from Open to Third Party's Issue

Not a bug at least.  Regexps are working as expected.
Ruby won't prevent you shooting your foot.
----------------------------------------
Feature #6472: Multiline mode in regexp by default
https://bugs.ruby-lang.org/issues/6472#change-26728

Author: Sega100500 (??ԧ֧ ??ا)
Status: Third Party's Issue
Priority: Normal
Assignee: 
Category: core
Target version: 1.9.3


When using regexp there can be a vulnerability:

http://homakov.blogspot.com/2012/05/saferweb-injects-in-various-ruby.html#more


Probably it happens because multiline mode in regexp is default, but this is wrong. Need use 'm' modificator to use this mode.


-- 
http://bugs.ruby-lang.org/