From mboxrd@z Thu Jan 1 00:00:00 1970 Delivered-To: chneukirchen@gmail.com Received: by 10.86.99.8 with SMTP id w8cs103352fgb; Tue, 6 Oct 2009 01:05:28 -0700 (PDT) Received-SPF: pass (google.com: domain of grbounce-ceibQwUAAAB4YPBqaDIjI2bFOCxyyh3G=chneukirchen=gmail.com@googlegroups.com designates 10.220.4.30 as permitted sender) client-ip=10.220.4.30; Authentication-Results: mr.google.com; spf=pass (google.com: domain of grbounce-ceibQwUAAAB4YPBqaDIjI2bFOCxyyh3G=chneukirchen=gmail.com@googlegroups.com designates 10.220.4.30 as permitted sender) smtp.mail=grbounce-ceibQwUAAAB4YPBqaDIjI2bFOCxyyh3G=chneukirchen=gmail.com@googlegroups.com; dkim=pass header.i=grbounce-ceibQwUAAAB4YPBqaDIjI2bFOCxyyh3G=chneukirchen=gmail.com@googlegroups.com Received: from mr.google.com ([10.220.4.30]) by 10.220.4.30 with SMTP id 30mr1442941vcp.17.1254816327498 (num_hops = 1); Tue, 06 Oct 2009 01:05:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=beta; h=domainkey-signature:received:received:x-sender:x-apparently-to :received:received:received:received-spf:received:dkim-signature :domainkey-signature:received:received:content-type:mime-version :subject:from:in-reply-to:date:content-transfer-encoding:message-id :references:to:x-mailer:reply-to:sender:precedence:x-google-loop :mailing-list:list-id:list-post:list-help:list-unsubscribe :x-beenthere-env:x-beenthere; bh=5S6+RDMzo2Nz2i50AViLra0V4yYVEeVIWy7BN9mk9oM=; b=gZa5IhY7TY+mg39MRH3fm33aYzQH06rTsyHWCmY3C3AN5PgpvgibCimshPnN24dLFc Kmx1CRt+H5eJl7kJ0g359VNoicelaH6hHlgbvDqi9VINZfpkMfBkpmzt24fyfyWGuoEg SDdxy/WpTuiZndXeB3nBdjiDYPGyElNU4uAvo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlegroups.com; s=beta; h=x-sender:x-apparently-to:received-spf:authentication-results :dkim-signature:domainkey-signature:content-type:mime-version :subject:from:in-reply-to:date:content-transfer-encoding:message-id :references:to:x-mailer:reply-to:sender:precedence:x-google-loop :mailing-list:list-id:list-post:list-help:list-unsubscribe :x-beenthere-env:x-beenthere; b=GQ9Iw/LK/UuN+nmT7mDmnfDMLGEtnNbrt1KphblBK4nPLrFC2lfYI9Re3bNw/8hbZy 5lDHAYFe9JMvKHetJoeHHI6bOvVZx8QNLpzBHvRu33DswNV95+fbXnGe6Jjmk+RTzkgr 84k4yrEMgXTjCHScYvpCoQyb3eSfG38pd1HPU= Received: by 10.220.4.30 with SMTP id 30mr135508vcp.17.1254816327446; Tue, 06 Oct 2009 01:05:27 -0700 (PDT) Received: by 10.177.5.4 with SMTP id h4gr1683yqi.0; Tue, 06 Oct 2009 01:05:22 -0700 (PDT) X-Sender: jftucker@gmail.com X-Apparently-To: rack-devel@googlegroups.com Received: by 10.211.174.12 with SMTP id b12mr852829ebp.15.1254816320115; Tue, 06 Oct 2009 01:05:20 -0700 (PDT) Received: by 10.211.174.12 with SMTP id b12mr852828ebp.15.1254816320079; Tue, 06 Oct 2009 01:05:20 -0700 (PDT) Return-Path: Received: from mail-ew0-f216.google.com (mail-ew0-f216.google.com [209.85.219.216]) by gmr-mx.google.com with ESMTP id 15si1180979ewy.0.2009.10.06.01.05.19; Tue, 06 Oct 2009 01:05:19 -0700 (PDT) Received-SPF: pass (google.com: domain of jftucker@gmail.com designates 209.85.219.216 as permitted sender) client-ip=209.85.219.216; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of jftucker@gmail.com designates 209.85.219.216 as permitted sender) smtp.mail=jftucker@gmail.com; dkim=pass (test mode) header.i=@gmail.com Received: by mail-ew0-f216.google.com with SMTP id 12so5498856ewy.0 for ; Tue, 06 Oct 2009 01:05:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:content-type:mime-version :subject:from:in-reply-to:date:content-transfer-encoding:message-id :references:to:x-mailer; bh=Udb5eaiEHDBWqbGbRIZjKOJHkz4KX2kQNqaRbxKTmtQ=; b=mMiu3Mz33x5y4v71GWwR1rp0upcR63vr7AvdddkS6F8ldg5ad70HLbvRZjD+56/38f Ewqq4/FAbYae42zMdcMmH3100PuSSjUvxhe18zU4mCNhCBIU3oSX/b0OKnm0k8tIeto7 K/+bU3UQFBgAeKVSjLsxgCfEx72m475emShx0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=content-type:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to:x-mailer; b=ZGjgAt6Euwflp4XCOM0yRY79kRF04Yls7qtdeYdGpslA72JIBTx2H9XNzN5zPKH7YI dJaeH4VcKyRrdn+cRQYjWTdk4ikvfUftxolYbYaC+/6Wcaa3XlyaEPOS6vpNMEAjMEmU ncruboKYCvff5OSbQDYGqeGgNyRXZgCNspTp8= Received: by 10.216.86.201 with SMTP id w51mr225753wee.8.1254816318513; Tue, 06 Oct 2009 01:05:18 -0700 (PDT) Return-Path: Received: from ?192.168.1.18? (bb-87-81-237-21.ukonline.co.uk [87.81.237.21]) by mx.google.com with ESMTPS id m5sm15569995gve.1.2009.10.06.01.05.16 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 06 Oct 2009 01:05:17 -0700 (PDT) Content-Type: text/plain; charset=us-ascii; format=flowed; delsp=yes Mime-Version: 1.0 (Apple Message framework v1076) Subject: Re: Questions about the Prohibition of String Subclasses in responses From: James Tucker In-Reply-To: <20091005232208.GB27564@dcvr.yhbt.net> Date: Tue, 6 Oct 2009 09:05:15 +0100 Content-Transfer-Encoding: 7bit Message-Id: References: <20091005230246.GA27564@dcvr.yhbt.net> <20091005232208.GB27564@dcvr.yhbt.net> To: rack-devel@googlegroups.com X-Mailer: Apple Mail (2.1076) Reply-To: rack-devel@googlegroups.com Sender: rack-devel@googlegroups.com Precedence: bulk X-Google-Loop: groups Mailing-List: list rack-devel@googlegroups.com; contact rack-devel+owner@googlegroups.com List-Id: List-Post: List-Help: List-Unsubscribe: , X-BeenThere-Env: rack-devel@googlegroups.com X-BeenThere: rack-devel@googlegroups.com On 6 Oct 2009, at 00:22, Eric Wong wrote: > > Eric Wong wrote: >> Michael Koziarski wrote: >>> Our XSS safe responses will fail this test because they return an >>> instance of ActionView::SafeBuffer which is a subclass of String. >>> We >>> use a subclass so that we can make all the concat and append >>> operations escape their arguments. > > What's the overhead of metadef-ing #concat/#append each String > response > on an individual basis vs subclassing? That could be an option... Busting the method cache afaik. > > Also (not knowing much about Rails or view internals), would it be > possible to make the response an Array-like object and then make all > concats/appends work on the Array-like object instead of the String- > like > object? > > class SafeBuffer < Array > > def <<(string) > super(escape(string)) > end > > ... > > end > > And then probably do a #join when responding for performance reasons: > > [ status, headers, [ safe_buffer.join('') ] ] > >>> What's the rationale for preventing me from sending a subclass of >>> string? >> >> Not speaking for anyone else here, but this may break C extensions at >> this point. It was probably done this way to make extensions >> easier to >> implement. The core Ruby IO functions all call rb_obj_as_string() to >> convert their arguments to strings, but some extensions out there may >> not[1]. >> >> [1] *my* C extensions are safe against this, of course :) > > But I just read the patch attached to LH ticket #78 and that relaxes > the Hash type check, too. I actually depend on that being a real > Hash in at least C one extension :x > > I'll of course update that extension for the new spec if I need to :> > > -- > Eric Wong