[ruby-core:53707] =?windows-1252?Q?Re=3A_=5Bruby=2Dcore=3A53689=5D_Re=3A_=5Bruby=2Dcore=3A53685=5D_Re=3A_=5Brub?= =?windows-1252?Q?y=2Dcore=3A53680=5D_Re=3A_=5Bruby=2Dcore=3A53679=5D_Why_doesn=92t_String=23=2B_r?= =?windows-1252?Q?eturn_an_untrusted_result_if_self_or_other_is

< ^ > P N |<>| ^ _>< --- | ~ ...Help

Seems like a bug to me.

I filed #8161 (and 8162 for the doc).


On Sun, Mar 24, 2013 at 4:58 AM, Nikolai Weibull <now / bitwi.se> wrote:

> On Sat, Mar 23, 2013 at 10:42 PM, Nikolai Weibull <now / bitwi.se> wrote:
> > On Sat, Mar 23, 2013 at 8:30 PM, KOSAKI Motohiro
> > <kosaki.motohiro / gmail.com> wrote:
> >> On Sat, Mar 23, 2013 at 2:45 PM, Nikolai Weibull <now / bitwi.se> wrote:
>
> >>> Why doesn=92t String#+ return an untrusted result if self or other is
> untrusted?
>
> >> IIUC, untrusted mean an object was created from untrusted code (i.e.
> $SAFE >=3D3).
>
> > OK, so the reasoning then is that since String#+ creates a result that
> > contains data from outside of the receiver, untrust isn=92t inherited,
> > whereas with String#slice and String#downcase the whole result comes
> > from an untrusted source and thus untrust is inherited.
>
> (This explanation isn=92t consistent with String#center, String#ljust,
> and String#rjust, as their results inherit untrust from the padding
> argument, so there must be something deeper going on here.)
>
>