Description
After removing my patch for #459 now that it's released under 2.8.1 (thanks 🎉), I noticed I also wrote this little additional method in order to only normalize the URL if needed and otherwise keep it as-is (to avoid changing some reserved chars which can be either encoded or not):
module Addressable
class URI
# only normalize if we see obivously unallowed chars, to avoid changing
# user preference (encoded or not) for some reserved chars
def conservative_normalize!
self.path = normalized_path if path&.match?(/[^#{Addressable::URI::CharacterClasses::PATH + "%"}]/)
self.query = normalized_query if query&.match?(/[^#{Addressable::URI::CharacterClasses::QUERY + "%"}]/)
self.host = normalized_host if host&.match?(/[^#{Addressable::URI::CharacterClasses::HOST}]/)
self.userinfo = normalized_userinfo if userinfo&.match?(/[^#{Addressable::URI::CharacterClasses::UNRESERVED + Addressable::URI::CharacterClasses::SUB_DELIMS + ":"}]/)
self
end
end
endI just though I would share it in case you (or somebody else) are interested in it.
Here is an example URL taken from my service and redacted (note the presence of / and %2F in the param):
http://domain.net/?param=fil:for(webp)/http%3A%2F%2Fwin.net%2Fpics.jpg
The current normalize! method would change the %2F back into /:
http://domain.net/?param=fil:for(webp)/http://win.net/pics.jpg
Both are valid URL, yes, but it's not what the person who wrote this webservice intendend and as they are doing some parsing before unencoding, it actually breaks their server (they probably expected to have a slash unencoded to split and then the rest encoded).
So I had to write this conservative_normalize! to avoid messing with the existing encoding as long as it's legal, and only normalize if necessary.
Activity