From 1b107d48ef2f67a48cb974890c2944381fd4ee4a Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 21 Dec 2015 20:40:02 +0000
Subject: escape.c: Preserve original state

* ext/cgi/escape/escape.c (preserve_original_state): Preserve
  original state for tainted and frozen.  [Fix GH-1166]
  [ruby-dev:49451] [Bug #11855]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 test/cgi/test_cgi_util.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'test/cgi')

diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb
index d30c9bd79c..08c2ed2056 100644
--- a/test/cgi/test_cgi_util.rb
+++ b/test/cgi/test_cgi_util.rb
@@ -68,6 +68,16 @@ class CGIUtilTest < Test::Unit::TestCase
     assert_equal(Encoding::UTF_8, CGI::escapeHTML("'&\"><".force_encoding("UTF-8")).encoding)
   end
 
+  def test_cgi_escape_html_preserve_tainted
+    assert_equal(false, CGI::escapeHTML("'&\"><").tainted?)
+    assert_equal(true, CGI::escapeHTML("'&\"><".taint).tainted?)
+  end
+
+  def test_cgi_escape_html_preserve_frozen
+    assert_equal(false, CGI::escapeHTML("'&\"><".dup).frozen?)
+    assert_equal(true, CGI::escapeHTML("'&\"><".freeze).frozen?)
+  end
+
   def test_cgi_unescapeHTML
     assert_equal("'&\"><", CGI::unescapeHTML("&#39;&amp;&quot;&gt;&lt;"))
   end
-- 
cgit v1.2.3