Issue #5843 has been updated by naruse (Yui NARUSE). postmodern (Hal Brodigan) wrote: > Should this also be prevented in Net::HTTP with a simple URI.escape(path_query,"\n") ? what? ---------------------------------------- Backport #5843: URI::HTTP and Net::HTTP do not escape \n characters in the query-string https://bugs.ruby-lang.org/issues/5843#change-28132 Author: postmodern (Hal Brodigan) Status: Closed Priority: Normal Assignee: akira (akira yamada) Category: Target version: When building new URI::HTTP objects, \n characters in the query-string are not escaped. An unescaped \n character will cause two lines to be sent to an HTTP Server when passed to Net::HTTP.get, which causes parsing errors. require 'uri/http' require 'net/http' uri = URI::HTTP.build(:host => 'www.example.com', :path => '/', :query => "hello\nworld") Net::HTTP.get(uri) 00000000 47 45 54 20 2f 3f 68 65 6c 6c 6f 0a 77 6f 72 6c GET /?he llo.worl 00000010 64 20 48 54 54 50 2f 31 2e 31 0d 0a 41 63 63 65 d HTTP/1 .1..Acce 00000020 70 74 3a 20 2a 2f 2a 0d 0a 55 73 65 72 2d 41 67 pt: */*. .User-Ag 00000030 65 6e 74 3a 20 52 75 62 79 0d 0a 48 6f 73 74 3a ent: Rub y..Host: 00000040 20 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d www.exa mple.com 00000050 0d 0a 0d 0a .... -- http://bugs.ruby-lang.org/