@joost
Last active January 8, 2024 20:03
How to fix invalid byte sequence in UTF-8 rack in Rails

Add utf8_sanitizer.rb to your Rails 3.2 project under app/middleware. Instead of stripping the invalid characters and letting the request continue (as some gems do), it rejects the request with a 400 error.

Add the following line to your config/application.rb:

config.middleware.use 'Utf8Sanitizer'

If you only need it in production, add it to config/environments/production.rb instead. There the class can be referenced without quotes:

config.middleware.use Utf8Sanitizer

Check that it works by appending ?%28t%B3odei%29 to a request URL for your app (%B3 decodes to a lone UTF-8 continuation byte, so the decoded query string is not valid UTF-8). Instead of an HTTP 500 error you should get a 400 response saying Bad request.

Sources:

Gems that do something similar:

```ruby
# Put in /app/middleware/utf8_sanitizer.rb and add
# config.middleware.use 'Utf8Sanitizer'
# to config/application.rb.
# See: https://gist.github.com/joost/ca4eda8f31655cf6095a
require 'uri'

class Utf8Sanitizer
  # Rack env entries that carry raw request bytes (path, query string, referer).
  SANITIZE_ENV_KEYS = %w(
    HTTP_REFERER
    PATH_INFO
    REQUEST_URI
    REQUEST_PATH
    QUERY_STRING
  )

  def initialize(app)
    @app = app
  end

  def call(env)
    SANITIZE_ENV_KEYS.each do |key|
      # Treat the value as raw bytes before decoding, so a value that is
      # already tagged UTF-8 but invalid cannot raise inside the decoder.
      string = env[key].to_s.dup.force_encoding(Encoding::BINARY)
      # URI.decode (used originally) was removed in Ruby 3.0;
      # URI::DEFAULT_PARSER.unescape does the same plain percent-decoding.
      valid = URI::DEFAULT_PARSER.unescape(string).force_encoding('UTF-8').valid_encoding?
      # Don't accept requests with invalid byte sequence
      return [400, { 'Content-Type' => 'text/plain' }, ['Bad request']] unless valid
    end
    @app.call(env)
  end
end
```
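An added example, not part of the gist, that runs the same decode-then-validate check over a few constructed Rack env hashes and reports which key failed (useful for logging what was rejected). The helper names, the sample envs and the stand-in app are assumptions of this example; URI::DEFAULT_PARSER.unescape replaces URI.decode, which Ruby 3 removed.

```ruby
require 'uri'

# Rack env keys whose values come straight from the request line / headers.
CHECKED_ENV_KEYS = %w(HTTP_REFERER PATH_INFO REQUEST_URI REQUEST_PATH QUERY_STRING).freeze

# Percent-decode a raw env value and report whether the bytes form valid UTF-8.
# The value is treated as binary first so that raw (non-encoded) invalid bytes
# cannot make the regexp inside unescape raise before the check runs.
def valid_utf8_after_decoding?(value)
  raw = value.to_s.dup.force_encoding(Encoding::BINARY)
  URI::DEFAULT_PARSER.unescape(raw).force_encoding(Encoding::UTF_8).valid_encoding?
end

# Returns the env keys that would make the middleware answer 400.
# Unlike the middleware it keeps going, so a log line can name every bad key.
def invalid_utf8_keys(env)
  CHECKED_ENV_KEYS.select { |key| env.key?(key) && !valid_utf8_after_decoding?(env[key]) }
end

# Stand-in for the middleware's decision, wrapping a downstream Rack app.
def handle(env, app)
  bad = invalid_utf8_keys(env)
  return [400, { 'Content-Type' => 'text/plain' }, ['Bad request']] unless bad.empty?
  app.call(env)
end

# Hypothetical downstream app that always succeeds.
OK_APP = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }

# Constructed sample envs (not captured traffic).
SAMPLE_ENVS = {
  'clean'       => { 'PATH_INFO' => '/search', 'QUERY_STRING' => 'q=caf%C3%A9' },  # valid UTF-8 once decoded
  'gist_probe'  => { 'PATH_INFO' => '/', 'QUERY_STRING' => '%28t%B3odei%29' },    # the gist's own test string
  'raw_bytes'   => { 'PATH_INFO' => "/a\xB3b".b, 'QUERY_STRING' => '' },          # invalid byte sent unencoded
  'bad_referer' => { 'PATH_INFO' => '/', 'HTTP_REFERER' => 'http://example.test/%FF' }
}.freeze

# Status the middleware stand-in returns for each sample.
def sample_statuses
  SAMPLE_ENVS.transform_values { |env| handle(env, OK_APP)[0] }
end

if __FILE__ == $0
  SAMPLE_ENVS.each { |name, env| puts "#{name}: #{handle(env, OK_APP)[0]} #{invalid_utf8_keys(env).inspect}" }
end
```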
@bramswenson

Nice work. Thanks!
