"drbrain (Eric Hodel)" <drbrain / segment7.net> wrote:
> Feature #6492: Inflate all HTTP Content-Encoding: deflate, gzip, x-gzip responses by default
> https://bugs.ruby-lang.org/issues/6492

I like Net::HTTP being able to inflate compressed responses.

However, I think doing this by default is exploitable by an evil server.
A server could compress a huge file of zeroes to trigger an
out-of-memory conditions in existing code that uses Net::HTTP.

100M compresses to 100K for me:

$ dd if=/dev/zero bs=1M count=100 | gzip -c | wc -c
101791