Bug #11275

RFC3986_Parser accepts invalid URIs containing %

Added by jimpo (Jim Posen) over 4 years ago. Updated 7 days ago.

Status: Closed
Priority: Normal
Target version: -
ruby -v: ruby 2.2.2p95 (2015-04-13 revision 50295) [x86_64-darwin13]
[ruby-core:69637]

Description

URI.parse('https://www.example.com/search?q=%XX') does not raise an error despite being an invalid URI. A % in a URI must be followed by exactly two hex digits, but the RFC3986 parser does not check that in the URI query. Ruby 2.1 correctly raises an error.


Files

uri-parse-query-pct-encoded.patch (1.41 KB), jeremyevans0 (Jeremy Evans), 07/05/2019 10:00 PM

Related issues

Related to Ruby master - Bug #10402: URI regression in 2.2.0-preview1 (bad URI(is not URI?): URI::InvalidURIError) (Closed)

Associated revisions

Revision 7909f062
Added by jeremyevans (Jeremy Evans) 7 days ago

Check for invalid hex escapes in URI#query=

Fixes [Bug #11275]

History

#2

Updated by usa (Usaku NAKAMURA) over 4 years ago

  • Related to Bug #10402: URI regression in 2.2.0-preview1 (bad URI(is not URI?): URI::InvalidURIError) added

Updated by jeremyevans0 (Jeremy Evans) 3 months ago

I agree that this is a bug that should be fixed. The implementation automatically percent escapes invalid characters instead of rejecting them by design. However, I don't think that implies we should accept invalid percent escapes already present. Attached is a patch that should fix the issue.
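The policy described in the comment above (percent-escape disallowed characters, but reject a % that is not followed by two hex digits), shown as an added example. It is not the attached patch or Ruby's URI code; `normalize_query`, `bad_escape_offsets` and `InvalidQueryError` are hypothetical names, and the sample inputs are constructed.

```ruby
# Added example: strict handling of percent escapes in a URI query.
# All names here are hypothetical; this is not Ruby's URI implementation.

class InvalidQueryError < ArgumentError; end

# A valid escape, or any single character NOT allowed literally in an
# RFC 3986 query (unreserved / sub-delims / ":" / "@" / "/" / "?").
ESCAPE_OR_DISALLOWED = /%\h\h|[^A-Za-z0-9\-._~!$&'()*+,;=:@\/?]/

# Offsets of every "%" that is not followed by exactly two hex digits.
def bad_escape_offsets(query)
  offsets = []
  pos = 0
  while (i = query.index('%', pos))
    offsets << i unless query[i, 3] =~ /\A%\h\h\z/
    pos = i + 1
  end
  offsets
end

# Rejects malformed escapes, then percent-encodes disallowed characters
# byte by byte. Valid escapes already present are left untouched, so the
# function never double-encodes and never "repairs" a broken escape.
def normalize_query(query)
  bad = bad_escape_offsets(query)
  unless bad.empty?
    raise InvalidQueryError,
          "malformed percent escape at offset(s) #{bad.join(', ')}"
  end
  query.gsub(ESCAPE_OR_DISALLOWED) do |m|
    m.start_with?('%') ? m : m.bytes.map { |b| format('%%%02X', b) }.join
  end
end

if __FILE__ == $0
  # Constructed sample inputs.
  ['q=%41', 'q=a b', 'q=%XX', 'q=%4'].each do |q|
    begin
      puts "#{q.inspect} -> #{normalize_query(q).inspect}"
    rescue InvalidQueryError => e
      puts "#{q.inspect} -> rejected (#{e.message})"
    end
  end
end
```

Rejecting the malformed escape up front matters because components further along (proxies, frameworks, application code) may each decode `%XX` differently, so a lenient parser hands them ambiguous input.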

#4

Updated by jeremyevans (Jeremy Evans) 7 days ago

  • Status changed from Assigned to Closed

Applied in changeset git|7909f06212ae8df6ba7203f8152292a190b2b33a.


Check for invalid hex escapes in URI#query=

Fixes [Bug #11275]
