Issue #11858 has been updated by Usaku NAKAMURA. Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: DONTNEED, 2.1: DONTNEED, 2.2: DONTNEED ---------------------------------------- Bug #11858: CGI.escapeHTML should NOT return frozen string https://bugs.ruby-lang.org/issues/11858#change-56869 * Author: Toru Iwase * Status: Closed * Priority: Normal * Assignee: * ruby -v: ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux] * Backport: 2.0.0: DONTNEED, 2.1: DONTNEED, 2.2: DONTNEED ---------------------------------------- After r53220, following snippet fails. ~~~ $ ./ruby -rcgi -ve 'p CGI.escapeHTML("Hello, ".freeze) << "world."' ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux] -e:1:in `<main>': can't modify frozen String (RuntimeError) ~~~ In preview2, works. ~~~ $ RBENV_VERSION=2.3.0-preview2 ruby -rcgi -ve 'p CGI.escapeHTML("Hello, ".freeze) << "world."' ruby 2.3.0preview2 (2015-12-11 trunk 53028) [x86_64-linux] "Hello, world." ~~~ I think this is backward incompatibility. `CGI.escapeHTML` should return different and unfreezed string from passed string as `String#gsub`. ~~~ $ ./irb ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux] irb(main):001:0> str = "Ruby".freeze => "Ruby" irb(main):002:0> str.object_id => 70236871355920 irb(main):003:0> str.gsub(/\d/, '').frozen? => false irb(main):004:0> str.gsub(/\d/, '').object_id => 70236871220100 # different object irb(main):006:0> require 'cgi' => true irb(main):007:0> CGI.escapeHTML(str).frozen? => true irb(main):008:0> CGI.escapeHTML(str).object_id => 70236871355920 # same object ~~~ ---Files-------------------------------- escapehtml_dup_str.patch (2.06 KB) -- https://bugs.ruby-lang.org/ Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe> <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>