Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

URI Gotcha with Ruby 2.2.x #57

Closed
jamiecobbett opened this issue Jun 26, 2015 · 3 comments
Closed

URI Gotcha with Ruby 2.2.x #57

jamiecobbett opened this issue Jun 26, 2015 · 3 comments

Comments

@jamiecobbett
Copy link
Contributor

Applications using this gem need to take care when upgrading to Ruby 2.2.x as it is less tolerant of non-standard URIs and so new and existing content might no longer be parseable by Govspeak.

More detail:

Ruby 2.2 upgrades the URI module in stdlib to support RFC3986. This is a stricter form of URI.parse and means that anywhere we parse URIs that might be invalid, an error will be raised.

Examples found so far include:

  • mailto://address links (raises NoMethodError: undefined method 'split' for nil:NilClass
  • blank mailto: (raises NoMethodError: undefined method 'split' for nil:NilClass)
  • URLs with trailing spaces (raises URI::InvalidURIError: bad URI(is not URI?))

This may or may not be something we can/should fix in Govspeak. The alternative is to be aware when upgrading apps using Govspeak to fix existing content.

@boffbowsh did the hard work to figure this out. For more information, see: alphagov/whitehall#2234
@jamiecobbett jamiecobbett changed the title Gotcha with Ruby 2.2.x URI Gotcha with Ruby 2.2.x Jun 26, 2015
@tekin
Copy link
Contributor

tekin commented Jun 26, 2015

One option is to use Addressable::URI instead of URI - it's less strict when parsing URIs and is more or less a drop in replacement.

@jamiecobbett jamiecobbett mentioned this issue Jul 24, 2015
Merged
@fofr fofr mentioned this issue Oct 13, 2015
Merged
@h-lame
Copy link
Contributor

h-lame commented Oct 13, 2015

Is there any desire to do what @tekin suggests and replace URI.parse with Addressable::URI.parse to avoid unexpected exceptions?

h-lame added a commit to alphagov/places-manager that referenced this issue Oct 14, 2015
@h-lame
Stop validating that CSVs are valid HTML
ff5584b 
The intention of this was to make sure that no sketchy HTML is present in the
fields of the CSV and so upstream consumers of the places API don't risk
presenting that HTML when they render places.  A noble goal, but poorly
implemented as it only protected uploaded Places, not any entered or edited
directly via the admin interface.

The other problem with the solution as it stands is that it uses govspeak to
validated the file.  Govspeak has a known problem for apps that want to upgrade
to ruby 2.2.x (see: alphagov/govspeak#57) and so this
is a blocker for our upgrade.

Having discussed the issue with @alext and @jennyd we decided that to proceed we
would drop the feature entirely to avoid blocking the upgrade and create a story
in the backlog (see: https://trello.com/c/jFShPn1t/167) to properly address
sanitising or rejecting Place data at a later date.
@benlovell benlovell mentioned this issue Nov 20, 2015
Merged
@jamiecobbett
Copy link
Contributor Author

Fixed in 3.5.1.

elliotcm added a commit to alphagov/whitehall that referenced this issue Jan 7, 2016
@elliotcm
Upgrade Ruby to 2.2.3
5ca1bf3 
The issue with Govspeak which prevented this upgrade
were fixed in version 3.5.1 according to this
comment: alphagov/govspeak#57 (comment)
@elliotcm elliotcm mentioned this issue Jan 7, 2016
Merged
elliotcm added a commit to alphagov/whitehall that referenced this issue Jan 7, 2016
@elliotcm
Upgrade Ruby to 2.2.3
4ce0b2d 
The issue with Govspeak which prevented this upgrade
were fixed in version 3.5.1 according to this
comment: alphagov/govspeak#57 (comment)

Requires replacing (almost) all usages of stdlib
URI in this application.

The only remaining usage is a test which uses
`URI.extract`.
elliotcm added a commit to alphagov/whitehall that referenced this issue Jan 7, 2016
@elliotcm
Upgrade Ruby to 2.2.3
471e28b 
The issue with Govspeak which prevented this upgrade
were fixed in version 3.5.1 according to this
comment: alphagov/govspeak#57 (comment)

Requires replacing (almost) all usages of stdlib
URI in this application.

The only remaining usage is a test which uses
`URI.extract`.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@h-lame @tekin @jamiecobbett