Comments (4)
Hmm, yeah that '+' probably should not be being decoded.
However, "There is no way to know if normalized uri will have characters escaped or not" is not accurate. Addressable normalizes to the set of characters that the URI spec explicitly allows in decoded form for each component. This tends to be dramatically more permissive of decoded characters than most people are used to, but it's more precisely correct.
The '+' character is a weird edge case where the correct answer is often unclear. The URI spec indicates it should be decoded, but the HTML specification would make decoding it ambiguous as to whether it should be treated as a '+' or a space. I continue to curse the people who put that paragraph into the HTML spec. One of the worst-thought-out and worst-specified bits of text ever in an accepted spec.
So as an accommodation to the HTML spec and widely used conventions, I opt to break the URI spec in the handling of the '+' character within query strings only.
But what all this should tell you is that if you're looking for specific characters to be encoded and specific characters to be unencoded, normalize
may not be the method you want. The encoding methods in Addressable can take an optional character class string which directly controls what gets encoded.
from addressable.
Thanks for the detailed explanation. I understand the problem with '+' characters now. Indeed, the HTML spec is a pain.
Does it makes sense to change character class used in normalized_query
and to not decode %2B? If it doesn't I will try to encode query with a custom character class in webmock, instead of using normalized_query
.
from addressable.
I started trying to get this resolved, but it turns out to be a lot harder to do correctly than I expected.
The trick with the '+' character is that it needs to be handled differently from all other characters. Normally you would unencode, apply Unicode NFKC normalization, then selectively re-encode. However, the '+' character should simply have nothing happen to it at all. However this turns out to be hard to do, because the normalize method is currently implemented sort of like this:
encode(unicode_normalize(unencode(input)))
The trick is that if you tell the unencode
method not to unencode "%2B", now the encode
method is going to want to encode the "%" character as "%25".
from addressable.
Closed by #99.
from addressable.
Related Issues (20)
- Templates doesn't handle IPv6 IPs
- Invalid scheme format for ssh URL HOT 4
- Is it intended that `normalized_path` destroys the trailing dot when it's the only char? HOT 1
- Improve pure ruby IDNA implementation to match browsers behavior (IDNA2008 and UTS#46) HOT 3
- Equivalent of `URI.regexp(schemes)`? HOT 4
- Crypto mining
- undefined method `to_str' for :id:Symbol (NoMethodError) in 2.8.2 HOT 8
- Template expansion does not work with symbolized hashes in 2.8.1 HOT 1
- Update to 2.8.2 break test env HOT 1
- Any version after 2.8.1 causes errors in our test suite coming from addressable. HOT 8
- Drop support for Ruby 2.2 (and more?) HOT 3
- Disallow backtick in host HOT 1
- Normalize errors when trying to run a simple url normalize HOT 4
- Unsafe concurrent Hash access HOT 9
- k
- feed:http: crashes servers HOT 11
- Valid domain not parsing HOT 1
- Improve release flow HOT 7
- Addressable::URI.escape method does not escape & properly as path param HOT 1
- "CWE-798 - Hardcoded credentials" in Amazon Inspector from uri_spec.rb
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from addressable.