Merge pull request #812 from tobarja/stringinfect

String#inspect can taint and untrust
topazproject · Jul 26, 2013 · 7e8a9b8c143d59e3242db3316a929ea76d7d0a8f · 7e8a9b8
2 parents 879e92b + 36f0e65
commit 7e8a9b8c143d59e3242db3316a929ea76d7d0a8f
Unified Split

Showing with 3 additions and 3 deletions.

+0 −2 spec/tags/core/string/inspect_tags.txt

+3 −1 topaz/objects/stringobject.py
diff --git a/spec/tags/core/string/inspect_tags.txt b/spec/tags/core/string/inspect_tags.txt
@@ -1,5 +1,3 @@
-fails:String#inspect taints the result if self is tainted
-fails:String#inspect untrusts the result if self is untrusted
 fails:String#inspect returns a string with special characters replaced with \<char> notation
 fails:String#inspect returns a string with " and \ escaped with a backslash
 fails:String#inspect returns a string with \#<char> when # is followed by $, @, {

diff --git a/topaz/objects/stringobject.py b/topaz/objects/stringobject.py
@@ -493,7 +493,9 @@ def method_ord(self, space):
 
     @classdef.method("inspect")
     def method_inspect(self, space):
-        return space.newstr_fromstr('"%s"' % self.str_w(space))
+        s = space.newstr_fromstr('"%s"' % self.str_w(space))
+        space.infect(s, self)
+        return s
 
     @classdef.method("+")
     def method_plus(self, space, w_obj):