From: James Tucker <jftucker@gmail.com>
To: rack-devel@googlegroups.com
Subject: Re: Questions about the Prohibition of String Subclasses in responses
Date: Tue, 6 Oct 2009 09:05:15 +0100 [thread overview]
Message-ID: <B106A5E2-E85F-41DB-AE88-AA5EA68E7396@gmail.com> (raw)
In-Reply-To: <20091005232208.GB27564@dcvr.yhbt.net>
On 6 Oct 2009, at 00:22, Eric Wong wrote:
>
> Eric Wong <normalperson@yhbt.net> wrote:
>> Michael Koziarski <koziarski@gmail.com> wrote:
>>> Our XSS safe responses will fail this test because they return an
>>> instance of ActionView::SafeBuffer which is a subclass of String.
>>> We
>>> use a subclass so that we can make all the concat and append
>>> operations escape their arguments.
>
> What's the overhead of metadef-ing #concat/#append each String
> response
> on an individual basis vs subclassing? That could be an option...
Busting the method cache afaik.
>
> Also (not knowing much about Rails or view internals), would it be
> possible to make the response an Array-like object and then make all
> concats/appends work on the Array-like object instead of the String-
> like
> object?
>
> class SafeBuffer < Array
>
> def <<(string)
> super(escape(string))
> end
>
> ...
>
> end
>
> And then probably do a #join when responding for performance reasons:
>
> [ status, headers, [ safe_buffer.join('') ] ]
>
>>> What's the rationale for preventing me from sending a subclass of
>>> string?
>>
>> Not speaking for anyone else here, but this may break C extensions at
>> this point. It was probably done this way to make extensions
>> easier to
>> implement. The core Ruby IO functions all call rb_obj_as_string() to
>> convert their arguments to strings, but some extensions out there may
>> not[1].
>>
>> [1] *my* C extensions are safe against this, of course :)
>
> But I just read the patch attached to LH ticket #78 and that relaxes
> the Hash type check, too. I actually depend on that being a real
> Hash in at least C one extension :x
>
> I'll of course update that extension for the new spec if I need to :>
>
> --
> Eric Wong
prev parent reply other threads:[~2009-10-06 8:05 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-05 21:58 Questions about the Prohibition of String Subclasses in responses Michael Koziarski
2009-10-05 23:02 ` Eric Wong
2009-10-05 23:22 ` Eric Wong
2009-10-06 0:38 ` Michael Koziarski
2009-10-06 2:52 ` Eric Wong
2009-10-06 6:40 ` Michael Koziarski
2009-10-06 14:23 ` James Tucker
2009-10-06 8:05 ` James Tucker [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://groups.google.com/group/rack-devel
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=B106A5E2-E85F-41DB-AE88-AA5EA68E7396@gmail.com \
--to=rack-devel@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).