Ruby 2.7 Says Uri.Escape Is Obsolete, What Replaces It

Ruby 2.7 says URI.escape is obsolete, what replaces it?

There is no official RFC 3986-compliant URI escaper in the Ruby standard library today.

See Why is URI.escape() marked as obsolete and where is this REGEXP::UNSAFE constant? for background.

There are several methods that have various issues with them as you have discovered and pointed out in the comment:

  • They produce deprecation warnings
  • They do not claim standards compliance
  • They are not escaping in accordance with RFC 3986
  • They are implemented in tangentially related libraries

Why is URI.escape() marked as obsolete and where is this REGEXP::UNSAFE constant?

I see you answered your question re: UNSAFE. As to this question:

Additionally, this code has the escape / unescape methods marked as 'obsolete' since 2009. Why are they obsolete?

There's some background in this Dec. 2010 issue: https://bugs.ruby-lang.org/issues/4167 In that thread Yui Naruse writes:

URI lib says it refers RFC2396, so current behavior is correct in its
spec.

Yes, I know current behavior is not what you expect. So we plan to
change the lib to refer RFC3986.

Moreover current URI.encode is simple gsub. But I think it should
split a URI to components, then escape each components, and finally
join them.

So current URI.encode is considered harmful and deprecated. This will
be removed or change behavior drastically.

What is the replacement at this time?


As I said above, current URI.encode is wrong on spec level. So we
won't provide the exact replacement. The replacement will vary by its
use case.

We thought most use case is to generate escaped URI from joined URI
componets. For this, people should use URI.join or
URI.encode_www_form; you should escape each components before join
them.

What's the difference between URI.escape and CGI.escape?

There were some small differences, but the important point is that URI.escape has been deprecated in Ruby 1.9.2... so use CGI::escape or ERB::Util.url_encode.

There is a long discussion on ruby-core for those interested which also mentions WEBrick::HTTPUtils.escape and WEBrick::HTTPUtils.escape_form.



Related Topics



Leave a reply



Submit