From c2cbd5528cd1ecd0db08f93dbdd1de7175805ef3 Mon Sep 17 00:00:00 2001
From: tenderlove <tenderlove@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 15 Sep 2016 21:44:56 +0000
Subject: Don't include bad password in URI exception output

We shouldn't include the bad password in the URI exception output
message.  Just knowing that there is a bad password is enough
information.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56166 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 test/uri/test_generic.rb | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'test')

diff --git a/test/uri/test_generic.rb b/test/uri/test_generic.rb
index 3510129832..803d427f13 100644
--- a/test/uri/test_generic.rb
+++ b/test/uri/test_generic.rb
@@ -749,6 +749,15 @@ class URI::TestGeneric < Test::Unit::TestCase
     assert_equal('foo:xyzzy', uri.to_s)
   end
 
+  def test_bad_password_component
+    uri = URI.parse('http://foo:bar@baz')
+    password = 'foo@bar'
+    e = assert_raise(URI::InvalidComponentError) do
+      uri.password = password
+    end
+    refute_match password, e.message
+  end
+
   def test_set_scheme
     uri = URI.parse 'HTTP://example'
 
-- 
cgit v1.2.3