From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ruby-core-bounces@ruby-lang.org>
X-Original-To: poffice@blade.nagaokaut.ac.jp
Delivered-To: poffice@blade.nagaokaut.ac.jp
Received: from kankan.nagaokaut.ac.jp (kankan.nagaokaut.ac.jp [133.44.2.24])
	by blade.nagaokaut.ac.jp (Postfix) with ESMTP id 6906817DC893
	for <poffice@blade.nagaokaut.ac.jp>; Tue, 22 Dec 2015 11:37:42 +0900 (JST)
Received: from voscc.nagaokaut.ac.jp (voscc.nagaokaut.ac.jp [133.44.1.100])
	by kankan.nagaokaut.ac.jp (Postfix) with ESMTP id 2D88BB5D931
	for <poffice@blade.nagaokaut.ac.jp>; Tue, 22 Dec 2015 12:10:00 +0900 (JST)
Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75])
	by voscc.nagaokaut.ac.jp (Postfix) with ESMTP id 6DDD818CC7B1
	for <poffice@blade.nagaokaut.ac.jp>; Tue, 22 Dec 2015 12:10:00 +0900 (JST)
Received: from [221.186.184.76] (localhost [IPv6:::1])
	by neon.ruby-lang.org (Postfix) with ESMTP id 0394A120516;
	Tue, 22 Dec 2015 12:09:59 +0900 (JST)
X-Original-To: ruby-core@ruby-lang.org
Delivered-To: ruby-core@ruby-lang.org
Received: from o10.shared.sendgrid.net (o10.shared.sendgrid.net
 [173.193.132.135])
 by neon.ruby-lang.org (Postfix) with ESMTPS id 5978A1204B1
 for <ruby-core@ruby-lang.org>; Tue, 22 Dec 2015 12:09:55 +0900 (JST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sendgrid.me; 
 h=from:to:references:subject:mime-version:content-type:content-transfer-encoding:list-id;
 s=smtpapi; bh=TNamZQSVTQ2F6w9hE1XaZxnVUjM=; b=RVWbDDwDtQXM0fyDxt
 /5FaeABokdUNdCeszCvUPwJ+VlY0o+2nlK90WMS2bfSy0s0Gs3ZkafXKi/7sLbdn
 KWWtXuirLaouKF+zp93JQ51ilAOkPXXRojNOVYpXj39SWtNAvGuyEVNw6EW//X6P
 3NuMK9JiySLPjsXPhO8Up7EjY=
Received: by filter0882p1mdw1.sendgrid.net with SMTP id
 filter0882p1mdw1.11779.5678BEFE24
 2015-12-22 03:09:50.409625329 +0000 UTC
Received: from herokuapp.com (ec2-54-161-237-60.compute-1.amazonaws.com
 [54.161.237.60])
 by ismtpd0003p1iad1.sendgrid.net (SG) with ESMTP id C0uKjAkCRt-KuMKthNbaow
 for <ruby-core@ruby-lang.org>; Tue, 22 Dec 2015 03:09:50.515 +0000 (UTC)
Date: Tue, 22 Dec 2015 03:09:50 +0000
From: tietew@tietew.net
To: ruby-core@ruby-lang.org
Message-ID: <redmine.journal-55719.20151222030949.a1dafa59aae835b7@ruby-lang.org>
References: <redmine.issue-11858.20151222025600@ruby-lang.org>
Mime-Version: 1.0
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Redmine-MailingListIntegration-Message-Ids: 47028
X-Redmine-Project: ruby-trunk
X-Redmine-Issue-Id: 11858
X-Redmine-Issue-Author: Tietew
X-Redmine-Sender: Tietew
X-Mailer: Redmine
X-Redmine-Host: bugs.ruby-lang.org
X-Redmine-Site: Ruby Issue Tracking System
X-Auto-Response-Suppress: All
Auto-Submitted: auto-generated
X-SG-EID: ync6xU2WACa70kv/Ymy4QrNMhiuLXJG8OTL2vJD1yS4R1Okr5b5v3g2PHTLhCbFUq3w68b903KcfAZ
 buiu+8lKoGhtMhntGxZ0u1XkdN6dtxojU3xniQ7SmDbhApH+yWSbIpYUIc2e+6OH4w/r0ckFvdzQEP
 Im+vi/dqe2PBbDuMwRKnrP/LOQ+F4i632NT1vzkF+/1oOx07IUz2ucEELg==
X-ML-Name: ruby-core
X-Mail-Count: 72427
Subject: [ruby-core:72427] [Ruby trunk - Bug #11858] CGI.escapeHTML should
 NOT return frozen string
X-BeenThere: ruby-core@ruby-lang.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Ruby developers <ruby-core@ruby-lang.org>
List-Id: Ruby developers <ruby-core.ruby-lang.org>
List-Unsubscribe: <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>, 
 <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
List-Post: <mailto:ruby-core@ruby-lang.org>
List-Help: <mailto:ruby-core-request@ruby-lang.org?subject=help>
List-Subscribe: <http://lists.ruby-lang.org/cgi-bin/mailman/listinfo/ruby-core>, 
 <mailto:ruby-core-request@ruby-lang.org?subject=subscribe>
Errors-To: ruby-core-bounces@ruby-lang.org
Sender: "ruby-core" <ruby-core-bounces@ruby-lang.org>

Issue #11858 has been updated by Toru Iwase.

File escapehtml_dup_str.patch added

Attached a suggested patch.
This patch also adds some tests for not-modified patterns.


----------------------------------------
Bug #11858: CGI.escapeHTML should NOT return frozen string
https://bugs.ruby-lang.org/issues/11858#change-55719

* Author: Toru Iwase
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
After r53220, following snippet fails.

~~~
$ ./ruby -rcgi -ve 'p CGI.escapeHTML("Hello, ".freeze) << "world."'
ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux]
-e:1:in `<main>': can't modify frozen String (RuntimeError)
~~~

In preview2, works.

~~~
$ RBENV_VERSION=2.3.0-preview2 ruby -rcgi -ve 'p CGI.escapeHTML("Hello, ".freeze) << "world."'
ruby 2.3.0preview2 (2015-12-11 trunk 53028) [x86_64-linux]
"Hello, world."
~~~

I think this is backward incompatibility.
`CGI.escapeHTML` should return different and unfreezed string from passed string as `String#gsub`.

~~~
$ ./irb
ruby 2.3.0dev (2015-12-22 trunk 53233) [x86_64-linux]
irb(main):001:0> str = "Ruby".freeze
=> "Ruby"
irb(main):002:0> str.object_id
=> 70236871355920
irb(main):003:0> str.gsub(/\d/, '').frozen?
=> false
irb(main):004:0> str.gsub(/\d/, '').object_id
=> 70236871220100  # different object
irb(main):006:0> require 'cgi'
=> true
irb(main):007:0> CGI.escapeHTML(str).frozen?
=> true
irb(main):008:0> CGI.escapeHTML(str).object_id
=> 70236871355920  # same object
~~~


---Files--------------------------------
escapehtml_dup_str.patch (2.06 KB)


-- 
https://bugs.ruby-lang.org/