On Sat, Mar 23, 2013 at 2:45 PM, Nikolai Weibull <now / bitwi.se> wrote:
> Hi!
>
> Why doesn’t String#+ return an untrusted result if self or other is
> untrusted?
>
> Only taint is inherited.
>
> Also, I can’t really find any documentation on the difference between
> taint and untrust.

IIUC, untrusted means an object was created from untrusted code (i.e. $SAFE >= 3).
Taint means the data is derived from other tainted data or an IO source.

That said, when trusted code (i.e. $SAFE=0) calls String#+, Ruby assumes the
caller understands what String#+ does.