Closed k-rudy closed 7 years ago
The problem here is that validating URIs is extremely difficult. In practice almost anything can be a valid uri. If you tried validating something even more outrageous (try "@!£&&&--/" perhaps) it will be invalid.
The underlying implementation relies on the addressable gem to validate URIs. If addressable can parse the string to a URI, then we consider it valid. If it can't then it's invalid.
I suspect your issue might be better raised with the addressable gem, but as I mentioned, almost any string can be a valid URI.
I hate to bring this up again, but I think this needs to be revisited. Looking at the current code for Addressable::URI.pase
we can see that literally ANY string is sent on through — even if it doesn't match the regexp it references. This is deeply surprising behaviour. It means that "I'm a turtle" counts as a valid URI, even your sample outrageous string.
Perhaps it's better to use Ruby's built in URI library? It's less permissive, but that means it's less surprising. Example IRB session:
> require 'uri'
> URI.parse("@!£&&&--/")
URI::InvalidURIError: URI must be ascii only "@!\u00A3&&&--/"
> URI.parse("i like turtles")
URI::InvalidURIError: bad URI(is not URI?): i like turtles
Further edifying discussion on why this may not be an ideal approach: https://github.com/sporkmonger/addressable/issues/161
As stated in Readme -
uri
string format belongs to the list of standard supported validations. But it doesn't work:To make sure this is only an issue with
uri
and not withdate-time
for example, I have checked: