Do more strict matching on URI scheme

Signed-off-by: José Valim <[email protected]>

Author: José Valim

lib/elixir/lib/uri.ex

@@ -310,7 +310,7 @@ defmodule URI do
 
   def parse(s) when is_binary(s) do
     # From http://tools.ietf.org/html/rfc3986#appendix-B
-    regex = ~r/^(([^:\/?#]+):)?(\/\/([^\/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?/
+    regex = ~r/^(([a-z][a-z0-9\+\-\.]*):)?(\/\/([^\/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?/i
     parts = nillify(Regex.run(regex, s))
 
     destructure [_, _, scheme, _, authority, path, _, query, _, fragment], parts

lib/elixir/test/elixir/uri_test.exs

@@ -149,10 +149,12 @@ defmodule URITest do
   end
 
   test :parse_bad_uris do
-    assert URI.parse("https:??@?F?@#>F//23/")
     assert URI.parse("")
-    assert URI.parse(":https")
-    assert URI.parse("https")
+    assert URI.parse("https:??@?F?@#>F//23/")
+
+    assert URI.parse(":https").path == ":https"
+    assert URI.parse("https").path == "https"
+    assert URI.parse("ht\0tps://foo.com").path == "ht\0tps://foo.com"
   end
 
   test :ipv6_addresses do