From: "jeremyevans0 (Jeremy Evans) via ruby-core" Date: 2024-08-19T23:46:50+00:00 Subject: [ruby-core:118901] [Ruby master Bug#20686] URI::HTTPS can build URI with blank, invalid host Issue #20686 has been updated by jeremyevans0 (Jeremy Evans). jhawthorn (John Hawthorn) wrote in #note-2: > jeremyevans0 (Jeremy Evans) wrote in #note-1: > > It appears RFC 3986 allows empty hosts (https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2: `reg-name = *( unreserved / pct-encoded / sub-delims )`), so I think this is not a bug, but an expected behavior change. > > It's allowed by the ABNF, but the next paragraph states that it isn't valid for HTTP/HTTPS URIs > > > If the URI scheme defines a default for host, then that default > > applies when the host subcomponent is undefined or when the > > registered name is empty (zero length). For example, the "file" URI > > scheme is defined so that no authority, an empty host, and > > "localhost" all mean the end-user's machine, **whereas the "http"** > > **scheme considers a missing authority or empty host invalid.** Thank you for pointing that out. I obviously should have read a little further. I submitted a pull request to reject empty host for `URI::HTTP{,S}`: https://github.com/ruby/uri/pull/116 ---------------------------------------- Bug #20686: URI::HTTPS can build URI with blank, invalid host https://bugs.ruby-lang.org/issues/20686#change-109470 * Author: ronricardo (Roniece Ricardo) * Status: Open * ruby -v: 3.4.0+ * Backport: 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN ---------------------------------------- In Ruby 3.4.0+, calling `URI::HTTPS.build(host: "")` does not raise `URI::InvalidComponentError` as expected. Instead, it returns `#` I think this was introduced in [this PR](https://github.com/ruby/uri/pull/90). ## Steps to Reproduce ### 1. Environment: - **Ruby Version:** 3.4.0+ ### 2. Steps: - Open an IRB session. - Run: ```ruby URI::HTTPS.build(host: "") ``` ### 3. Expected Behavior: - `URI::InvalidComponentError` should be raised due to the invalid empty `host` component. ### 4. Actual Behavior: - Returns `#` without raising an error. ### Ruby 3.1.4: ```ruby irb(main):008:0> RUBY_VERSION => "3.1.4" irb(main):009:0> URI::HTTPS.build(host:"") /home/vscode/.rbenv/versions/3.1.4/lib/ruby/3.1.0/uri/generic.rb:601:in `check_host': bad component(expected host component): (URI::InvalidComponentError) ``` ### Ruby 3.4.0: ```ruby irb(���):015> RUBY_VERSION => "3.4.0" irb(...):016> URI::HTTPS.build(host:"") => # ``` -- https://bugs.ruby-lang.org/ ______________________________________________ ruby-core mailing list -- ruby-core@ml.ruby-lang.org To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/