Issue #8161 has been updated by charliesome (Charlie Somerville).

Status changed from Open to Closed

Untrustedness is now deprecated and behaves the same as tainting.

Taintedness is properly propagated in your examples, so I'm closing this.
----------------------------------------
Bug #8161: String#+ should inherit untrustedness
https://bugs.ruby-lang.org/issues/8161#change-41953

Author: marcandre (Marc-Andre Lafortune)
Status: Closed
Priority: Normal
Assignee: 
Category: core
Target version: current: 2.1.0
ruby -v: r39923
Backport: 


As noted by Nikolai Weibull [ruby-core:53679], String#+ doesn't maintain untrustedness.

    s = "foo".untrust
    (s * 2).untrusted? # => true
    (s + s).untrusted? # => false, should be true
    (s + '').untrusted? # => false, should also be true


-- 
http://bugs.ruby-lang.org/