The problem here is that validating URIs is extremely difficult. In practice almost anything can be a valid uri. If you tried validating something even more outrageous (try "@!£&&&--/" perhaps) it will be invalid.

The underlying implementation relies on the addressable gem to validate URIs. If addressable can parse the string to a URI, then we consider it valid. If it can't then it's invalid.

I suspect your issue might be better raised with the addressable gem, but as I mentioned, almost any string can be a valid URI.

I hate to bring this up again, but I think this needs to be revisited. Looking at the current code for Addressable::URI.pase we can see that literally ANY string is sent on through — even if it doesn't match the regexp it references. This is deeply surprising behaviour. It means that "I'm a turtle" counts as a valid URI, even your sample outrageous string.

Perhaps it's better to use Ruby's built in URI library? It's less permissive, but that means it's less surprising. Example IRB session:

> require 'uri'
> URI.parse("@!£&&&--/")
URI::InvalidURIError: URI must be ascii only "@!\u00A3&&&--/"
> URI.parse("i like turtles")
URI::InvalidURIError: bad URI(is not URI?): i like turtles

Further edifying discussion on why this may not be an ideal approach: sporkmonger/addressable#161