From: andrew@...
Date: 2016-05-09T20:45:21+00:00
Subject: [ruby-core:75422] [Ruby trunk Bug#12363] URI::Generic.build allows	invalid input

Issue #12363 has been reported by Andrew Vit.

----------------------------------------
Bug #12363: URI::Generic.build allows invalid input
https://bugs.ruby-lang.org/issues/12363

* Author: Andrew Vit
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.1.8p440
* Backport: 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN
----------------------------------------
Reproduce:

~~~
require 'uri'
invalid_host = 'ex_ample.com'
invalid_userinfo = 'uuuu:pp/pp'
uri = URI::Generic.new('http', invalid_userinfo,  invalid_host, 80, nil, '/', nil, nil, nil)
uri.to_s
#=> "http://uuuu:pp/pp@ex_ample.com:80/"

uri.userinfo = uri.userinfo
# raise URI::InvalidComponentError

uri.host = uri.host
# raise URI::InvalidComponentError
~~~

It should be expected that these are already encoded, so invalid characters in URI fields should not be allowed. These should be consistent with writer methods `userinfo=`, `host=`, etc.



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>