From: jim.posen@...
Date: 2015-06-17T22:12:36+00:00
Subject: [ruby-core:69637] [Ruby trunk - Bug #11275] [Open] RFC3986_Parser accepts invalid URIs containing %

Issue #11275 has been reported by Jim Posen.

----------------------------------------
Bug #11275: RFC3986_Parser accepts invalid URIs containing %
https://bugs.ruby-lang.org/issues/11275

* Author: Jim Posen
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.2.2p95 (2015-04-13 revision 50295) [x86_64-darwin13]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
URI.parse('https://www.example.com/search?q=%XX') does not raise an error despite being an invalid URI. A % in a URI must be followed by exactly two hex digits, but the RFC3986 parser does not check that in the URI query. Ruby 2.1 correctly raises an error. 



-- 
https://bugs.ruby-lang.org/