Home/ Questions/Q 3630168
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T00:14:09+00:00

I’m using net/http in Ruby to send a GET request to a web service.

  • 0

I’m using net/http in Ruby to send a GET request to a web service. The important bit of code is the following:

Net::HTTP.start("www.thehost.com") do |http|
  req = Net::HTTP::Get.new("/api" + ROUTES[sym] + "?" + params)
  resp = http.request req
end

params is a string which contains key-value pairs in the form key=val&blag=blorg. When the response comes in, it turns out to be an error page from the server, which quotes the request URI; instead of key=val&blag=blorg, it has key=val&blag=blorg. Since when I enter the same address into a web browser with & instead of &, I get the expected response, I suspect that the escaping of & is what’s causing the problem. If anyone with more experience disagrees with that, however, feel free to rename my question!

I should note that when I use http://www.thehost.com/api#{ROUTES[sym]}?#{params} with Net::HTTP.get_response, I get the expected response. What can I do to fix this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Just a wild guess: are you doing this in Rails, and could its XSS protection/HTML escaping features be the culprit? What happens if you change it to params.html_safe?

    Since using #{...} in one case works, what happens if you do "/api#{ROUTES[sym]}?#{params}" instead of concatenating strings with +?

    • 0