Daniel Berger
Hi all,
As I'm looking over the source code for some extensions (under /ext in
the Ruby source), I've noticed that there are a fair number of calls to
rb_secure() and rb_tainted_string_new().
When should I call these? When interfacing with underlying OS
functions (as etc.c does) should it be standard practice to call
rb_secure(4)?
Why are so many C extensions returning strings as tainted? I mean, you
don't see folks doing this in their pure Ruby code very often. Why so
much on the C side of things?
Is there a general guideline I can follow? What exactly qualifies as
"external data" here?
Regards,
Dan