Bug #8330

WEBrick::HTTPUtils::parse_query replaces plus (+) with space

Added by Christoph Dwertmann over 2 years ago. Updated over 2 years ago.

Assignee:Ayumu AIZAWA
ruby -v:ruby 2.0.0p0 (2013-02-24 revision 39474) [x86_64-darwin12.3.0] Backport:1.9.3: UNKNOWN, 2.0.0: UNKNOWN


According to RFC1738, the plus character (+) is a reserved character and may be used unencoded within a URL. Webrick however replaces plus signs with spaces, which violates the spec and causes a loss of information. An encoded plus character (%2B) is correctly decoded by Webrick.

This bug affects Ruby 1.8, 1.9 and 2.0.

$ irb
irb(main):001:0> require "webrick"
=> true
irb(main):002:0> WEBrick::HTTPUtils::parse_query("a+b c")
=> {"a b c"=>""}
irb(main):003:0> WEBrick::HTTPUtils::parse_query("a%2Bb%20c")
=> {"a+b c"=>""}
irb(main):004:0> D


#1 Updated by Ayumu AIZAWA over 2 years ago

I am not sure about RFC, but attached patch could fix this issue.
I want to get feedback from an expert about this.

#2 Updated by Ayumu AIZAWA over 2 years ago

  • Category set to lib
  • Assignee set to Ayumu AIZAWA

#3 Updated by Yui NARUSE over 2 years ago

  • Status changed from Open to Rejected

WEBrick::HTTPUtils::parse_query decodes application/x-www-form-urlencoded; it's encodes " " as "+".
see also http://url.spec.whatwg.org/#application/x-www-form-urlencoded

Also available in: Atom PDF