Bug #9990
closed
URI.parse and URI.encode use different RFCs
Description
The latest code for URI.parse uses RFC3986 but URI.encode/URI.escape still uses the old URI::RFC2396_Parser implementation of encode. This causes problems when the specs diverge.
In RFC3986 square brackets "[" and "]" are reserved and need to be percent encoded in the query string, although they didn't in RFC2396. This means the the following url cannot be parsed by the new parser, and isn't encoded correctly by the old encoder: https://bugs.ruby-lang.org/projects/ruby-trunk/issues?set_filter=1&f[]=status_id&op[status_id]=o
Here's a quick ruby script which demonstrates the issue on 2.2.0dev:
url = "https://bugs.ruby-lang.org/projects/ruby-trunk/issues?set_filter=1&f[]=status_id&op[status_id]=o"
puts URI.encode(url)
URI.parse(URI.encode(url))
The output of running this script can be seen at: https://gist.github.com/lengarvey/c1d17913f9ea95fd999c
I believe a new encoder needs to be written up according to the RFC3986 spec and this should be used as the default in URI.
Updated by
Updated by lengarvey (Leonard Garvey) over 10 years ago
I did see it, this bug points out that URI.escape isn't covered by that change. I'm not sure if there's a more appropriate place for that feedback besides raising this issue though. This is a separate issue to the one raised by @tenderlove in #2542 though. Aaron seems to be saying that URI.parse has changed semantics significantly and breaks existing code, this issue is demonstrate that there exists no way to properly encode a URI so that URI.parse will accept it.
Updated by nagachika (Tomoyuki Chikanaga) over 10 years ago
- Status changed from Feedback to Assigned
Updated by nobu (Nobuyoshi Nakada) about 10 years ago
- Related to Feature #2542: URI lib should be updated to RFC 3986 added
Updated by naruse (Yui NARUSE) almost 7 years ago
- Status changed from Assigned to Closed
[Bug #10402] allows [ and ].
Therefore it's not problem in practical.