I just launched a production Rails app (on Heroku) on a long-existing domain and, of course, now that it's facing the wide open web, I'm picking up all the flotsam and jetsam of the attempted script kiddies.
I have any exceptions that get thrown emailed to me and I've managed to catch (rescue_from) all the standard errors, but this keeps coming through a few times a day:
An URI::InvalidURIError occurred in #:
bad URI(is not URI?): http://www.myapp.com/assets/,data:n,complete:function(e,t)
{r&&u.each(r,o||[e.responseText,t,e])}}).done(function(e){o=arguments,u
vendor/ruby-1.9.3/lib/ruby/1.9.1/uri/common.rb:176:in `split'
-------------------------------
Request:
-------------------------------
* URL : http://myapp.com/assets/,data:n,complete:function(e,t)
{r&&u.each(r,o||[e.responseText,t,e])}}).done(function(e){o=arguments,u.html(i?v(
* IP address: 195.241.58.105
* Parameters: {"v("=>nil, "path"=>"assets/,data:n,complete:function(e,t){r&&u.each(r,o||
[e.responseText,t,e])}}).done(function(e){o=arguments,u", "format"=>"html(i"}
* Rails root: /app
* Timestamp : 2013-02-26 16:53:51 UTC
So to my untrained eye, this looks like script kiddies attempting to try for some sort of vulnerability (or?)
My questions:
1) This is one area where I'm not sure how far the "rails magic" goes -- do I need to do anything? I don't really like that outside forces are able to cause an exception in my app just from the request. Should I be rescuing the URI::InvalidURIError exception and just throwing a 404? Is there anything more I should be doing? Does this happen to everyone?
2) Is something misconfigured or is this just standard "stock production" behavior for an app? I'm running Rails 3.2.12 (latest patched version as of this posting).
Thanks in advance for any advice!
EDIT: Adding some more details about the requests; as Christian pointed out below, these might not be script kiddies? Either way, I'm curious.
2nd request:
An URI::InvalidURIError occurred in #:
bad URI(is not URI?): http://www.myapp.com/assets/&&!yt.test(e)&&
(v.support.htmlSerialize||!wt.test(e))&&
(v.support.leadingWhitespace||!pt.test(e))&&!Nt[(vt
vendor/ruby-1.9.3/lib/ruby/1.9.1/uri/common.rb:176:in `split'
-------------------------------
Request:
-------------------------------
* URL : http://myapp.com/assets/&&!yt.test(e)&&
(v.support.htmlSerialize||!wt.test(e))&&
(v.support.leadingWhitespace||!pt.test(e))&&!Nt[(vt.exec(e)||[
* IP address: 217.16.182.42
* Parameters: {"path"=>"assets/&&!yt.test(e)&&(v.support.htmlSerialize||!wt.test(e))&&
(v.support.leadingWhitespace||!pt.test(e))&&!Nt[(vt", "format"=>"exec(e)||["}
* Rails root: /app
* Timestamp : 2013-02-27 18:37:20 UTC
3rd request:
An URI::InvalidURIError occurred in #:
bad URI(is not URI?): http://www.myapp.com/assets/&&!yt.test(e)&&
(v.support.htmlSerialize||!wt.test(e))&&
(v.support.leadingWhitespace||!pt.test(e))&&!Nt[(vt
vendor/ruby-1.9.3/lib/ruby/1.9.1/uri/common.rb:176:in `split'
-------------------------------
Request:
-------------------------------
* URL : http://myapp.com/assets/&&!yt.test(e)&&
(v.support.htmlSerialize||!wt.test(e))&&
(v.support.leadingWhitespace||!pt.test(e))&&!Nt[(vt.exec(e)||[
* IP address: 62.141.42.107
* Parameters: {"path"=>"assets/&&!yt.test(e)&&(v.support.htmlSerialize||!wt.test(e))&&
(v.support.leadingWhitespace||!pt.test(e))&&!Nt[(vt", "format"=>"exec(e)||["}
* Rails root: /app
* Timestamp : 2013-02-27 20:56:25 UTC
I just found that code in my production.log:
GET "/assets/&&!yt.test(e)&&(v.support.htmlSerialize||!wt.test(e))&&(v.support.leadingWhitespace||!pt.test(e))&&!Nt[(vt.exec(e)||["
Rails 3.2.13 dealt with it with "Completed 406 Not Acceptable".
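One way to turn these requests into a plain 404 before they reach routing, as the question proposes, is a small Rack middleware. This is an added example, not code from the question or the answer; the class name `RejectMalformedUri`, the placeholder host and the demo helper are assumptions.

```ruby
require "uri"
require "logger"

# Hypothetical Rack middleware (name is an assumption): rejects requests whose
# path/query is not a parseable URI before Rails routing ever sees them.
class RejectMalformedUri
  MAX_LOGGED = 80 # truncate client-controlled text before it reaches the log

  def initialize(app, logger: Logger.new($stderr), status: 404)
    @app = app
    @logger = logger
    @status = status
  end

  def call(env)
    target = env["PATH_INFO"].to_s
    query = env["QUERY_STRING"].to_s
    target += "?#{query}" unless query.empty?
    begin
      # Same class of check that raised in the reports above; the host is a
      # fixed placeholder so only the client-supplied part is judged.
      URI.parse("http://placeholder.invalid#{target}")
    rescue URI::InvalidURIError
      # inspect escapes control characters, so the entry stays on one line.
      @logger.warn("malformed URI from #{env['REMOTE_ADDR']}: #{target[0, MAX_LOGGED].inspect}")
      return [@status, { "Content-Type" => "text/plain" }, ["Not Found\n"]]
    end
    @app.call(env)
  end
end

# Constructed demo: a stand-in app plus the two paths seen in the reports above.
DEMO_APP = ->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok"]] }
BAD_PATHS = [
  "/assets/,data:n,complete:function(e,t){r&&u.each(r,o||[e.responseText,t,e])}}).done(function(e){o=arguments,u",
  "/assets/&&!yt.test(e)&&(v.support.htmlSerialize||!wt.test(e))&&(v.support.leadingWhitespace||!pt.test(e))&&!Nt[(vt.exec(e)||["
].freeze

# Runs one constructed request through the middleware and returns the status.
def demo_status(path, query = "")
  stack = RejectMalformedUri.new(DEMO_APP, logger: Logger.new(nil))
  stack.call("PATH_INFO" => path, "QUERY_STRING" => query, "REMOTE_ADDR" => "192.0.2.1").first
end
```

In a Rails app the class would be registered early in the middleware stack (for example with `config.middleware.insert_before`), so the rejected requests produce one log line each instead of an exception email.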