Project

General

Profile

Bug #10669

Incorrect url parsing in 2.2.0

Added by sam.saffron (Sam Saffron) over 5 years ago. Updated over 5 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
[ruby-core:67187]

Description

Ruby 2.2 is incorrectly treating invalid URLs as correct due to parser change.

Ruby 2.2.0

irb(main):001:0> require 'uri'
=> true
irb(main):002:0> URI.parse("http://hello.com()")
=> #<URI::HTTP http://hello.com()>
irb(main):003:0>

Ruby 2.1

require 'uri'
=> true
irb(main):002:0> URI.parse("http://hello.com()")
URI::InvalidURIError: the scheme http does not accept registry part: hello.com() (or bad hostname?)
    from /home/sam/.rbenv/versions/2.1.2.discourse/lib/ruby/2.1.0/uri/generic.rb:214:in `initialize'
    from /home/sam/.rbenv/versions/2.1.2.discourse/lib/ruby/2.1.0/uri/http.rb:84:in `initialize'
    from /home/sam/.rbenv/versions/2.1.2.discourse/lib/ruby/2.1.0/uri/common.rb:214:in `new'
    from /home/sam/.rbenv/versions/2.1.2.discourse/lib/ruby/2.1.0/uri/common.rb:214:in `parse'
    from /home/sam/.rbenv/versions/2.1.2.discourse/lib/ruby/2.1.0/uri/common.rb:747:in `parse'
    from (irb):2
    from /home/sam/.rbenv/versions/2.1.2.discourse/bin/irb:11:in `<main>'

This is a breaking change.

Updated by naruse (Yui NARUSE) over 5 years ago

  • Status changed from Open to Rejected

RFC3986 reg-name allows "()".

Updated by sam.saffron (Sam Saffron) over 5 years ago

I get that, but a trend is developing here that is concerning.

https://github.com/rack/rack/blob/ab172af1b63f0d8e91ce579dd2907c43b96cf82a/lib/rack/mock.rb#L82-L85

we have a workaround but it seems a bit odd as a default, is there a reason RFC3986 was picked as a default over RFC2396?

Updated by duerst (Martin Dürst) over 5 years ago

we have a workaround but it seems a bit odd as a default, is there a reason RFC3986 was picked as a default over RFC2396?

RFC 3986 already is turning 10 years old (published January 2005) and has been an Internet Standard for that long. It obsoletes RFC 2396, which was published August 1998. So the right question here is "what reason would there be to pick RFC 2396 over RFC 3986 as the default?".

Also available in: Atom PDF