rack-devel archive mirror (unofficial) https://groups.google.com/group/rack-devel
 help / color / mirror / Atom feed
From: James Tucker <jftucker@gmail.com>
To: rack-devel@googlegroups.com
Subject: Re: Questions about the Prohibition of String Subclasses in responses
Date: Tue, 6 Oct 2009 09:05:15 +0100	[thread overview]
Message-ID: <B106A5E2-E85F-41DB-AE88-AA5EA68E7396@gmail.com> (raw)
In-Reply-To: <20091005232208.GB27564@dcvr.yhbt.net>



On 6 Oct 2009, at 00:22, Eric Wong wrote:

>
> Eric Wong <normalperson@yhbt.net> wrote:
>> Michael Koziarski <koziarski@gmail.com> wrote:
>>> Our XSS safe responses will fail this test because they return an
>>> instance of ActionView::SafeBuffer which is a subclass of String.   
>>> We
>>> use a subclass so that we can make all the concat and append
>>> operations escape their arguments.
>
> What's the overhead of metadef-ing #concat/#append each String  
> response
> on an individual basis vs subclassing?  That could be an option...

Busting the method cache afaik.

>
> Also (not knowing much about Rails or view internals), would it be
> possible to make the response an Array-like object and then make all
> concats/appends work on the Array-like object instead of the String- 
> like
> object?
>
>  class SafeBuffer < Array
>
>    def <<(string)
>      super(escape(string))
>    end
>
>    ...
>
>  end
>
> And then probably do a #join when responding for performance reasons:
>
>  [ status, headers, [ safe_buffer.join('') ] ]
>
>>> What's the rationale for preventing me from sending a subclass of
>>> string?
>>
>> Not speaking for anyone else here, but this may break C extensions at
>> this point.  It was probably done this way to make extensions  
>> easier to
>> implement.  The core Ruby IO functions all call rb_obj_as_string() to
>> convert their arguments to strings, but some extensions out there may
>> not[1].
>>
>> [1] *my* C extensions are safe against this, of course :)
>
> But I just read the patch attached to LH ticket #78 and that relaxes
> the Hash type check, too.  I actually depend on that being a real
> Hash in at least C one extension :x
>
> I'll of course update that extension for the new spec if I need to :>
>
> -- 
> Eric Wong

      parent reply	other threads:[~2009-10-06  8:05 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-10-05 21:58 Questions about the Prohibition of String Subclasses in responses Michael Koziarski
2009-10-05 23:02 ` Eric Wong
2009-10-05 23:22   ` Eric Wong
2009-10-06  0:38     ` Michael Koziarski
2009-10-06  2:52       ` Eric Wong
2009-10-06  6:40         ` Michael Koziarski
2009-10-06 14:23           ` James Tucker
2009-10-06  8:05     ` James Tucker [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://groups.google.com/group/rack-devel

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=B106A5E2-E85F-41DB-AE88-AA5EA68E7396@gmail.com \
    --to=rack-devel@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).