Christopher Dicely
8/24/2008 12:03:00 AM
On Sat, Aug 23, 2008 at 4:52 PM, Gregory Brown
<gregory.t.brown@gmail.com> wrote:
> On Sat, Aug 23, 2008 at 7:37 PM, Urabe Shyouhei <shyouhei@ruby-lang.org> wrote:
>> James Britt wrote:
>>> Then the original post is misleading in emphasizing Rails.
>>>
>>> Lots of people use REXML on the Web outside of Rails, so the effect on
>>> Rails is incidental to the real problem and should have been omitted
>>> for clarity.
>>
>> Incidental yes, but that doesn't mean Rails users must be ignored.
>> Perhaps web-admins should not omit Rails workarounds, but also add a
>> note that non-Rails apps can suffer this issue.
>
> But really, the case is "Any Ruby code parsing user passed XML", which
> is in no way limited to Rails.
> It's reasonable to say "Hey Rails kids, this means you!", but I think
> it's a little misleading to pass it off as a Rails bug with a
> monkeypatch rather than a patch against Ruby itself.
I don't think the monkeypatch has anything to do with Rails vs. Ruby,
since there are general instructions for the monkeypatch followed by
instructions on how to include it in a Rails app.