Project

General

Profile

Actions

Bug #11275

closed

RFC3986_Parser accepts invalid URIs containing %

Added by jimpo (Jim Posen) over 9 years ago. Updated about 5 years ago.

Status:
Closed
Target version:
-
ruby -v:
ruby 2.2.2p95 (2015-04-13 revision 50295) [x86_64-darwin13]
[ruby-core:69637]

Description

URI.parse('https://www.example.com/search?q=%XX') does not raise an error despite being an invalid URI. A % in a URI must be followed by exactly two hex digits, but the RFC3986 parser does not check that in the URI query. Ruby 2.1 correctly raises an error.


Files

uri-parse-query-pct-encoded.patch (1.41 KB) uri-parse-query-pct-encoded.patch jeremyevans0 (Jeremy Evans), 07/05/2019 10:00 PM

Related issues 1 (0 open1 closed)

Related to Ruby master - Bug #10402: URI regression in 2.2.0-preview1 (bad URI(is not URI?): URI::InvalidURIError)Closednaruse (Yui NARUSE)Actions
Actions #2

Updated by usa (Usaku NAKAMURA) over 9 years ago

  • Related to Bug #10402: URI regression in 2.2.0-preview1 (bad URI(is not URI?): URI::InvalidURIError) added

Updated by jeremyevans0 (Jeremy Evans) over 5 years ago

I agree that this is a bug that should be fixed. The implementation automatically percent escapes invalid characters instead of rejecting them by design. However, I don't think that implies we should accept invalid percent escapes already present. Attached is a patch that should fix the issue.

Actions #4

Updated by jeremyevans (Jeremy Evans) about 5 years ago

  • Status changed from Assigned to Closed

Applied in changeset git|7909f06212ae8df6ba7203f8152292a190b2b33a.


Check for invalid hex escapes in URI#query=

Fixes [Bug #11275]

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0