RSS::Parser.parseでSecurityError

西山和広です。

http://lists.sourceforge.jp/mailman/archives/hiki-dev/2007-March/001150.html
[Hiki-dev:01151] Ruby 1.8.6でrss-showをうごかすとsecurityエラー

というのを調べていて気がついたのですが、

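#!/usr/bin/ruby
# Minimal reproduction for Ruby 1.8.6: handing a tainted String to
# RSS::Parser.parse while $SAFE is 1 ends in a SecurityError.
# Later Ruby releases removed $SAFE and taint tracking, so this only
# reproduces on an interpreter that still implements safe levels.
require "rss"

# Build a small RSS 1.0 document and serialise it to a String.
rss = RSS::Maker.make("1.0") do |maker|
  maker.channel.about = "http://example.com/index.rdf"
  maker.channel.title = "Example"
  maker.channel.description = "Example Site"
  maker.channel.link = "http://example.com/"
end.to_s

# Mark the document as untrusted, the way externally supplied data would be.
rss.taint

# Raise the safe level; from here on the interpreter refuses certain
# operations on tainted objects.
$SAFE = 1

# Second argument false turns validation off; the parse still fails because
# the parser calls respond_to? with a tainted String internally.
RSS::Parser.parse(rss, false)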

のように$SAFEが1か2のときに、taintedなStringをRSS::Parser.parseに渡すと
/rss/parser.rb:314:in `respond_to?': Insecure: can't intern tainted
string (SecurityError)
になります。
($SAFEが3と4のときはそれぞれ別のところで SecurityError になるけど、
それはたぶん問題はないはず。)

原因として、以下のように対応する Symbol がない String を
引数として respond_to? を呼び出すと SecurityError に
なっているようです。

このとき、SecurityError になるなら respond_to? は false に
なるはず、と予測できてしまうので SecurityError ではなく
false を返してもセキュリティの問題はないと思うのですが、
どうでしょうか?

% ruby18 -ve '$SAFE=1; respond_to? "to_a".taint'
ruby 1.8.6 (2007-03-13 patchlevel 5000) [i686-linux]
% ruby18 -ve '$SAFE=1; respond_to? "hoge".taint'
ruby 1.8.6 (2007-03-13 patchlevel 5000) [i686-linux]
-e:1:in `respond_to?': Insecure: can't intern tainted string (SecurityError)
        from -e:1
% ruby18 -ve 'def hoge; end; $SAFE=1; respond_to? "hoge".taint'
ruby 1.8.6 (2007-03-13 patchlevel 5000) [i686-linux]
% ruby18 -ve ':hoge; $SAFE=1; respond_to? "hoge".taint'
ruby 1.8.6 (2007-03-13 patchlevel 5000) [i686-linux]
-e:1: warning: unused literal ignored
%
