I have been in the situation where the server will redirect me to an unsanitized URI on a meta-refresh.
def self.parse content, base_uri
return unless content =~ CONTENT_REGEXP
delay, refresh_uri = $1, $3
dest = base_uri
dest += refresh_uri if refresh_uri # Oops!
return delay, dest
The referenced line will raise URI::InvalidURIError if refresh_uri contains illegal symbols (such as <). I don't quite know where the sanitize should be done though.
I'll fix the mechanize to match the behavior in Safari which is to convert /funky?<b>Welcome<%2Fb> to /funky?%3Cb%3EWelcome%3C%2Fb%3E.
PS: In the future, please come straight here and file a bug, even if you think it might not be a bug. I would have fixed this for mechanize 2.1.
In meta refresh, escape special characters in the URI before parsing.…
… % is excluded because Safari doesn't escape it. Issue #177
Fix uri_escape for ruby 1.8. Issue #177
Sorry I didn't come here earlier, I didn't quite know what to do with the issue.
Do you know when the next version of mechanize will be released; can I point to a pre-release gem?
Would really like to take advantage of this fix.
Or is there an easy way to monkey patch it?
I released it today.