diff options
| -rw-r--r-- | lib/uri/generic.rb | 1 | ||||
| -rw-r--r-- | test/uri/test_parser.rb | 5 |
2 files changed, 6 insertions, 0 deletions
diff --git a/lib/uri/generic.rb b/lib/uri/generic.rb index ea79e7950a..c672d15eb2 100644 --- a/lib/uri/generic.rb +++ b/lib/uri/generic.rb @@ -836,6 +836,7 @@ module URI v.encode!(Encoding::UTF_8) rescue nil v.delete!("\t\r\n") v.force_encoding(Encoding::ASCII_8BIT) + raise InvalidURIError, "invalid percent escape: #{$1}" if /(%\H\H)/n.match(v) v.gsub!(/(?!%\h\h|[!$-&(-;=?-_a-~])./n.freeze){'%%%02X' % $&.ord} v.force_encoding(Encoding::US_ASCII) @query = v diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb index 088628a3fb..b13a26ca84 100644 --- a/test/uri/test_parser.rb +++ b/test/uri/test_parser.rb @@ -40,6 +40,11 @@ class URI::TestParser < Test::Unit::TestCase uri_to_ary(u1)) end + def test_parse_query_pct_encoded + assert_equal('q=%32!$&-/?.09;=:@AZ_az~', URI.parse('https://www.example.com/search?q=%32!$&-/?.09;=:@AZ_az~').query) + assert_raise(URI::InvalidURIError) { URI.parse('https://www.example.com/search?q=%XX') } + end + def test_raise_bad_uri_for_integer assert_raise(URI::InvalidURIError) do URI.parse(1) |