Remove URI from error messages

ruby / uri

URI is a module providing classes to handle Uniform Resource Identifiers

https://ruby.github.io/uri/

Other

78 stars 42 forks source link

Remove URI from error messages #91

Open ankane opened 9 months ago

ankane commented 9 months ago

Since a URI may contain a password, it'd be good to keep it out of error messages (to keep it from ending up in logging or exception reporting services). For instance:

URI.parse("https://user:password@example.com/[")

currently raises

bad URI(is not URI?): "https://user:password@example.com/[" (URI::InvalidURIError)

ankane commented 9 months ago

Removed logging the registry as well for the same reason.

URI::Parser.new.parse("https://user:password@example_com")

currently raises:

the scheme https does not accept registry part: user:password@example_com (or bad hostname?) (URI::InvalidURIError)

Ref: https://github.com/ankane/blazer/issues/457