为什么 URI.escape() 被标记为过时，这个 REGEXP::UNSAFE 常量在哪里? [英] Why is URI.escape() marked as obsolete and where is this REGEXP::UNSAFE constant?

问题描述

我试图弄清楚 ruby​​ 2.2.3 中 URI.escape 的默认不安全字符集是什么.docs 说:

I'm trying to figure out what the default set of unsafe characters is for URI.escape in ruby 2.2.3. The docs say:

默认使用 REGEXP::UNSAFE

By default uses REGEXP::UNSAFE

但我在 URI 模块的任何地方都找不到该常量.

But I can't find that constant anywhere in the URI module.

此外，此代码(片段下面)自 2009 年以来已将转义/unescape 方法标记为过时".为什么它们已过时?

Additionally, this code (snippet below) has the escape / unescape methods marked as 'obsolete' since 2009. Why are they obsolete?

lib/uri/common.rb:97

def escape(*arg)
  warn "#{caller(1)[0]}: warning: URI.escape is obsolete" if $VERBOSE
  DEFAULT_PARSER.escape(*arg)
end

文档是否错误/过时?

推荐答案

我看到你回答了你的问题:UNSAFE.关于这个问题:

I see you answered your question re: UNSAFE. As to this question:

此外，此代码具有转义/unescape 方法自 2009 年以来被标记为过时".为什么它们已过时?

Additionally, this code has the escape / unescape methods marked as 'obsolete' since 2009. Why are they obsolete?

2010 年 12 月的这一期有一些背景信息:https://bugs.ruby-lang.org/issues/4167 在那个线程中 Yui Naruse 写道:

There's some background in this Dec. 2010 issue: https://bugs.ruby-lang.org/issues/4167 In that thread Yui Naruse writes:

URI lib 说它引用了 RFC2396，所以当前的行为是正确的规格

URI lib says it refers RFC2396, so current behavior is correct in its spec.

是的，我知道当前的行为不是您所期望的.所以我们打算更改库以引用 RFC3986.

Yes, I know current behavior is not what you expect. So we plan to change the lib to refer RFC3986.

此外，当前的 URI.encode 是简单的 gsub.但我觉得应该将 URI 拆分为组件，然后转义每个组件，最后加入他们.

Moreover current URI.encode is simple gsub. But I think it should split a URI to components, then escape each components, and finally join them.

因此当前的 URI.encode 被认为是有害的并且已弃用.这会被移除或彻底改变行为.

So current URI.encode is considered harmful and deprecated. This will be removed or change behavior drastically.

此时的替代品是什么?

正如我上面所说，当前的 URI.encode 在规范级别是错误的.所以我们不会提供确切的替代品.更换将因它的不同而有所不同用例.

As I said above, current URI.encode is wrong on spec level. So we won't provide the exact replacement. The replacement will vary by its use case.

我们认为大多数用例是从连接的 URI 生成转义的 URI组件.为此，人们应该使用 URI.join 或URI.encode_www_form;你应该在加入之前转义每个组件

We thought most use case is to generate escaped URI from joined URI componets. For this, people should use URI.join or URI.encode_www_form; you should escape each components before join them.

这篇关于为什么 URI.escape() 被标记为过时，这个 REGEXP::UNSAFE 常量在哪里?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！