Bug #6696
closed[PATCH] ERB::Util.url_encode should not escape unreserved characters
Description
ERB::Util.url_encode is escaping tilde (~) where it should not according to the RFC.
This fixes that behaviour so that it now correctly avoids escaping all unreserved characters as per RFC 3986, Section 2.3:
http://tools.ietf.org/html/rfc3986#section-2.3
Fwiw., this is also how the Perl implementation works:
http://search.cpan.org/dist/URI/URI/Escape.pm#DESCRIPTION
I opened this issue originally on Github, but I think it warrants further discussion, so re-opening here.
Files
Updated by madeofcode (Mark Dodwell) over 12 years ago
Sorry, somehow this ticket subject line got truncated. Newline paste fail.
Updated by shyouhei (Shyouhei Urabe) over 12 years ago
- Subject changed from [PATCH] to [PATCH] ERB::Util.url_encode should not escape unreserved characters
- Status changed from Open to Feedback
FYI, the old discussion is at https://github.com/ruby/ruby/pull/54
I see the patch itself is OK. The question is to be or not to be able to escape tilde.
Updated by naruse (Yui NARUSE) over 12 years ago
- Status changed from Feedback to Assigned
- Assignee set to seki (Masatoshi Seki)
Updated by duerst (Martin Dürst) over 12 years ago
The tilde was added to the unreserved characters in URIs in RFC 2396. It is specifically mentioned in http://tools.ietf.org/html/rfc2396#appendix-G.2:
The tilde "~" character was added to those in the "unreserved" set,
since it is extensively used on the Internet in spite of the
difficulty to transcribe it with some keyboards.
RFC 2396 was published in August 1998, about 14 years ago. I think it's safe to make this change now :-).
Updated by naruse (Yui NARUSE) over 12 years ago
This can change but need not, so up to seki, the maintainer.
やってもやらなくてもいい変更だと思っているので、関さんにお任せします。
Updated by naruse (Yui NARUSE) over 11 years ago
- Target version changed from 1.9.3 to 2.6
Updated by hsbt (Hiroshi SHIBATA) over 7 years ago
- Assignee changed from seki (Masatoshi Seki) to k0kubun (Takashi Kokubun)
Updated by duerst (Martin Dürst) over 7 years ago
It's now close to 19 years since RFC 2396, so please fix this issue, thanks!
Updated by k0kubun (Takashi Kokubun) over 7 years ago
- Status changed from Assigned to Closed
Applied in changeset trunk|r58772.
erb.rb: Don't encode tilde in #url_encode
Based on patch by madeofcode (Mark Dodwell).
[ruby-core:46168] [Bug #6696] [Fix GH-54]
~
is a unreserved character.
https://tools.ietf.org/html/rfc3986#section-2.3
Updated by usa (Usaku NAKAMURA) over 7 years ago
- Backport changed from 2.2: UNKNOWN, 2.3: UNKNOWN, 2.4: UNKNOWN to 2.2: WONTFIX, 2.3: WONTFIX, 2.4: UNKNOWN
memo: I think that this is a bug, but it may surprise users to change this behavior at teeny releases. Therefore I decided not to backport this to ruby_2_3 branch.