1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

* lib/logger.rb: added RDoc document for logging message escape

by Hal Brodigan. See #3869


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30591 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nahi 2011-01-18 06:11:41 +00:00
parent c8e22ee12c
commit 9ffaa7e96b
2 changed files with 21 additions and 2 deletions

View file

@ -1,3 +1,8 @@
Tue Jan 18 15:05:55 2011 NAKAMURA, Hiroshi <nahi@ruby-lang.org>
* lib/logger.rb: added RDoc document for logging message escape
by Hal Brodigan. See #3869
Tue Jan 18 07:53:52 2011 Tanaka Akira <akr@fsij.org>
* eval_intern.h: parenthesize macro arguments.

View file

@ -1,7 +1,6 @@
# logger.rb - simple logging utility
# Copyright (C) 2000-2003, 2005, 2008 NAKAMURA, Hiroshi <nahi@ruby-lang.org>.
# Copyright (C) 2000-2003, 2005, 2008, 2011 NAKAMURA, Hiroshi <nahi@ruby-lang.org>.
#
# Author:: NAKAMURA, Hiroshi <nakahiro@sarion.co.jp>
# Documentation:: NAKAMURA, Hiroshi and Gavin Sinclair
# License::
# You can redistribute it and/or modify it under the same terms of Ruby's
@ -41,6 +40,21 @@ require 'monitor'
# want to know about the program's internal state, and would set them to
# +DEBUG+.
#
# **Note**: Logger does not escape or sanitize any messages passed to it.
# Developers should be aware of when potentially malicious data (user-input)
# is passed to Logger, and manually escape the untrusted data:
#
# logger.info("User-input: #{input.dump}")
# logger.info("User-input: %p" % input)
#
# You can use Logger#formatter= for escaping all data.
#
# original_formatter = Logger::Formatter.new
# logger.formatter = proc { |severity, datetime, progname, msg|
# original_formatter.call(severity, datetime, progname, msg.dump)
# }
# logger.info(input)
#
# === Example
#
# A simple example demonstrates the above explanation: