From: jim.posen@...
Date: 2015-06-17T22:23:42+00:00
Subject: [ruby-core:69638] [Ruby trunk - Bug #11275] RFC3986_Parser accepts invalid URIs containing %

Issue #11275 has been updated by Jim Posen.


Seems to have happened in commit [21ab98a997d2ed44c9c95cf5434a42561b2cd688](https://github.com/ruby/ruby/commit/21ab98a997d2ed44c9c95cf5434a42561b2cd688#diff-34d4a062b271fc0687096554d66183d8L5).

----------------------------------------
Bug #11275: RFC3986_Parser accepts invalid URIs containing %
https://bugs.ruby-lang.org/issues/11275#change-52991

* Author: Jim Posen
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.2.2p95 (2015-04-13 revision 50295) [x86_64-darwin13]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
URI.parse('https://www.example.com/search?q=%XX') does not raise an error despite being an invalid URI. A % in a URI must be followed by exactly two hex digits, but the RFC3986 parser does not check that in the URI query. Ruby 2.1 correctly raises an error. 



-- 
https://bugs.ruby-lang.org/