ruby-core@ruby-lang.org archive (unofficial mirror)
From: nilesh.tr@gmail.com
To: ruby-core@ruby-lang.org
Subject: [ruby-core:99213] [Ruby master Bug#17029] URI.parse considers https://example.com/### invalid when browsers consider it valid
Date: Sat, 18 Jul 2020 03:26:24 +0000 (UTC)
Message-ID: <redmine.journal-86593.20200718032624.41721@ruby-lang.org>
In-Reply-To: redmine.issue-17029.20200713173318.41721@ruby-lang.org

Issue #17029 has been updated by nileshtr (Nilesh Trivedi).


I filed an issue at the uri library's GitHub repo: https://github.com/ruby/uri/issues/8

----------------------------------------
Bug #17029: URI.parse considers https://example.com/### invalid when browsers consider it valid
https://bugs.ruby-lang.org/issues/17029#change-86593

* Author: nileshtr (Nilesh Trivedi)
* Status: Open
* Priority: Normal
* ruby -v: ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [x86_64-darwin19]
* Backport: 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN
----------------------------------------
I have a form with `<input type="url" required>` and in the backend, I try to extract the domain with `URI.parse(url).host`.

A user was able to submit a value like `https://example.com/###`, which passed the browser's validation check but failed in `URI.parse` with this error:

```
        3: from /Users/helix/.rbenv/versions/2.7.1/lib/ruby/2.7.0/uri/common.rb:234:in `parse'
        2: from /Users/helix/.rbenv/versions/2.7.1/lib/ruby/2.7.0/uri/rfc3986_parser.rb:73:in `parse'
        1: from /Users/helix/.rbenv/versions/2.7.1/lib/ruby/2.7.0/uri/rfc3986_parser.rb:67:in `split'
URI::InvalidURIError (bad URI(is not URI?): "https://example.com/###")
```

You can try the browser's behavior at MDN's demo: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/url

This is what the MDN page says about validation:

The syntax of a URL is fairly intricate. It's defined by WHATWG's URL Living Standard ( https://url.spec.whatwg.org/ ) and is described for newcomers in our article What is a URL? ( https://developer.mozilla.org/en-US/docs/Learn/Common_questions/What_is_a_URL )



-- 
https://bugs.ruby-lang.org/
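
Added example, not part of the original message or of the uri library: one way a backend can handle the mismatch reported above, treating the browser's `type="url"` check as advisory and turning a `URI::InvalidURIError` into a validation result instead of an unhandled exception. The helper name `extract_host`, the scheme allow-list and the sample inputs are assumptions made for this illustration.

```ruby
require "uri"

# Assumption for this example: only web URLs are acceptable in the form field.
ALLOWED_SCHEMES = %w[http https].freeze

# Returns [host, nil] on success, or [nil, reason] when the value is rejected.
# The server-side parser decides; client-side validation is never trusted.
def extract_host(raw)
  return [nil, :not_a_string] unless raw.is_a?(String)

  uri = URI.parse(raw.strip)

  # Reject relative references (no scheme) and anything outside the allow-list.
  scheme = uri.scheme&.downcase
  return [nil, :scheme_not_allowed] unless ALLOWED_SCHEMES.include?(scheme)

  host = uri.host
  return [nil, :missing_host] if host.nil? || host.empty?

  [host.downcase, nil]
rescue URI::InvalidURIError
  # Raised for inputs such as "https://example.com/###": RFC 3986 does not
  # allow a raw "#" inside the fragment, even though browsers accept it.
  [nil, :invalid_uri]
end

# Constructed sample inputs, not taken from any real submission.
SAMPLES = [
  "https://example.com/###",
  "https://Example.com/path#frag",
  "ftp://example.com/file",
  "example.com/no-scheme",
  nil
].freeze

if __FILE__ == $0
  SAMPLES.each do |value|
    host, reason = extract_host(value)
    puts format("%-35s host=%-12s reason=%s", value.inspect, host.inspect, reason.inspect)
  end
end
```

A rejected value can then be reported back to the user as a form error, and the `reason` symbol logged so parser disagreements between client and server show up in monitoring.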
