Blank spaces being accepted

[badosu]

After #74 got merged, the following happens:

pry> new_record.url
=> "http://this is not a URL"
pry> new_record.valid?
=> true

It was merged as a fix for #73. The issue complains that a certain url should be valid, but it contains an unescaped non-ASCII character (ç) which, per rfc3986, is invalid.

[minifast-winston]

Made a pull request (#85) to revert the URL encoding.

[minifast-winston]

It looks like this gem doesn't properly validate URL paths in some cases. For example, validating http://example.com/some/? doodads=ok against the default validator says the URL is valid, when it should be invalid because of the space.

It seems to be a combination of the presence of both the ? and characters in the path.

[minifast-winston]

It looks like this is behavior of Ruby's URI.parse(). http://ex ample.com throws an error, but http://example.com/? fun encodes to http://example.com/?%20fun.

It seems that either their is a problem with URI.parse(), or that its authors do not intend for it to validate querystrings - which seems odd.

[minifast-winston]

It looks like this is part of the implementation of Generic.parse() (https://github.com/ruby/ruby/blob/trunk/lib/uri/generic.rb#L75)

# At first, tries to create a new URI::Generic instance using
# URI::Generic::build. But, if exception URI::InvalidComponentError is raised,
# then it does URI::Escape.escape all URI components and tries again.

[minifast-winston]

It seems like relying on URI.parse() alone for validation isn't ideal since the authors have decided it should try to encode the URL in event of an exception. This means that invalid strings will pass validation.

[minifast-winston]

Added another commit in the pull request to handle the spaces in querystring issue. In addition to the usual checks, we now match the raw url value against the URI::regexp pattern for its scheme.