Seems like a bug to me. I filed #8161 (and 8162 for the doc). On Sun, Mar 24, 2013 at 4:58 AM, Nikolai Weibull <now / bitwi.se> wrote: > On Sat, Mar 23, 2013 at 10:42 PM, Nikolai Weibull <now / bitwi.se> wrote: > > On Sat, Mar 23, 2013 at 8:30 PM, KOSAKI Motohiro > > <kosaki.motohiro / gmail.com> wrote: > >> On Sat, Mar 23, 2013 at 2:45 PM, Nikolai Weibull <now / bitwi.se> wrote: > > >>> Why doesn=92t String#+ return an untrusted result if self or other is > untrusted? > > >> IIUC, untrusted mean an object was created from untrusted code (i.e. > $SAFE >=3D3). > > > OK, so the reasoning then is that since String#+ creates a result that > > contains data from outside of the receiver, untrust isn=92t inherited, > > whereas with String#slice and String#downcase the whole result comes > > from an untrusted source and thus untrust is inherited. > > (This explanation isn=92t consistent with String#center, String#ljust, > and String#rjust, as their results inherit untrust from the padding > argument, so there must be something deeper going on here.) > >