Does anyone know / can point me to why ActiveSupport::SafeBuffer doesn't rely on `tainted?` /cc @tenderlove @wycats @nzkoz
Replying to @godfoca
@godfoca @tenderlove @wycats we did investigate it, but strings come from everywhere (memcached, net/http, database) tonnes weren’t tainted
Replying to @godfoca
@godfoca @tenderlove @wycats it’s also hard to have a single notion of ‘safe’, depends on context of use
Replying to @nzkoz
@nzkoz @godfoca @tenderlove what nzkoz said. Needs to be whitelist not blacklist, and contextual.
2:22 PM - 22 Jul 2014
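An added illustration of the "whitelist, not blacklist, and contextual" design the thread argues for. This is constructed example code, not ActiveSupport's SafeBuffer: every String is untrusted regardless of where it came from, only a SafeBuffer (produced by explicit marking or by escaping for a named context) is trusted, and the JavaScript escaper is a hypothetical helper modelled loosely on Rails' behaviour.

```ruby
require "cgi"

# Whitelist model: untrusted by default, trusted only when explicitly marked.
# Origin (database, memcached, Net::HTTP) plays no role, which is exactly
# why a taint flag set at the source cannot be relied on.
class SafeBuffer < String
  def initialize(str = "")
    super(str.to_s)
    @html_safe = true
  end

  def html_safe?
    @html_safe == true
  end

  # Appending escapes anything not already marked safe.
  def concat(other)
    safe = other.respond_to?(:html_safe?) && other.html_safe?
    super(safe ? other : CGI.escapeHTML(other.to_s))
  end
  alias << concat

  def +(other)
    SafeBuffer.new(self).concat(other)
  end
end

class String
  def html_safe?; false; end
  def html_safe; SafeBuffer.new(self); end
end

# Contextual escaping: HTML-escaped text is still wrong inside a <script>
# string literal, so each output context has its own escaper that marks
# its result safe for that context only.
def html_escape(value)
  CGI.escapeHTML(value.to_s).html_safe
end

JS_ESCAPES = { "\\" => "\\\\", "</" => "<\\/", "\r\n" => "\\n", "\n" => "\\n",
               "\r" => "\\n", '"' => '\\"', "'" => "\\'" }.freeze

def js_escape(value)
  value.to_s.gsub(/(\\|<\/|\r\n|\r|\n|["'])/) { |m| JS_ESCAPES[m] }.html_safe
end

# Trusted markup around an untrusted name: the name is escaped on append.
def greeting(name)
  "<p>Hello, ".html_safe << name << "</p>".html_safe
end
```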