Ruby 2.7 says URI.escape is obsolete, what replaces it?
There is no official RFC 3986-compliant URI escaper in the Ruby standard library today.
See Why is URI.escape() marked as obsolete and where is this REGEXP::UNSAFE constant? for background.
There are several methods that have various issues with them as you have discovered and pointed out in the comment:
- They produce deprecation warnings
- They do not claim standards compliance
- They are not escaping in accordance with RFC 3986
- They are implemented in tangentially related libraries
Why is URI.escape() marked as obsolete and where is this REGEXP::UNSAFE constant?
I see you answered your question re: UNSAFE
. As to this question:
Additionally, this code has the escape / unescape methods marked as 'obsolete' since 2009. Why are they obsolete?
There's some background in this Dec. 2010 issue: https://bugs.ruby-lang.org/issues/4167 In that thread Yui Naruse writes:
URI lib says it refers RFC2396, so current behavior is correct in its
spec.Yes, I know current behavior is not what you expect. So we plan to
change the lib to refer RFC3986.Moreover current URI.encode is simple gsub. But I think it should
split a URI to components, then escape each components, and finally
join them.So current URI.encode is considered harmful and deprecated. This will
be removed or change behavior drastically.What is the replacement at this time?
As I said above, current URI.encode is wrong on spec level. So we
won't provide the exact replacement. The replacement will vary by its
use case.We thought most use case is to generate escaped URI from joined URI
componets. For this, people should use URI.join or
URI.encode_www_form; you should escape each components before join
them.
What's the difference between URI.escape and CGI.escape?
There were some small differences, but the important point is that URI.escape
has been deprecated in Ruby 1.9.2... so use CGI::escape
or ERB::Util.url_encode.
There is a long discussion on ruby-core for those interested which also mentions WEBrick::HTTPUtils.escape and WEBrick::HTTPUtils.escape_form.
Related Topics
Rails 5 Db Migration: How to Fix Activerecord::Concurrentmigrationerror
How to Use Functions Like Concat(), etc. in Arel
Protected Sharing Link in Ruby on Rails
Accepts_Nested_Attributes_For Ignore Blank Values
Best Way to Use Twitter Bootstrap Icons as Links in Ruby on Rails 3
Ruby on Rails Source Code Security/Obfuscation
How the Anchor \Z and \G Works in Ruby
Does the Order of Gems in Your Gemfile Make a Difference
Import SASS File from Database Instead of Filesystem
How to Reset a Factory_Girl Sequence
Set Locale Automatically in Ruby on Rails
Unpermitted Parameters for Dynamic Forms in Rails 4
How to Split Routes.Rb into Smaller Files
Why Does a Rails App on Heroku Serve Assets via All.CSS and Locally via Individual Files
Uploading Files in Ruby on Rails
Cannot Load Such File -- MySQL2/2.4/Mysql2 (Loaderror) - Windows