diff --git a/src/parser/PhutilURI.php b/src/parser/PhutilURI.php
--- a/src/parser/PhutilURI.php
+++ b/src/parser/PhutilURI.php
@@ -61,7 +61,7 @@
       $host = '(?P<host>[^/:]+)';
       $path = ':(?P<path>.*)';
 
-      $ok = preg_match('(^\s*'.$user.$host.$path.'\z)', $uri, $matches);
+      $ok = preg_match('(^'.$user.$host.$path.'\z)', $uri, $matches);
       if (!$ok) {
         throw new Exception(
           pht(
@@ -344,6 +344,12 @@
     $head = $matches['head'];
     $last = $matches['last'];
 
+    // If any part of this has spaces in it, it's not a Git URI. We fail here
+    // so we fall back and don't fail more abruptly later.
+    if (preg_match('(\s)', $head.$last)) {
+      return false;
+    }
+
     // If the first part has a "." or an "@" in it, interpret it as a domain
     // or a "user@host" string.
     if (preg_match('([.@])', $head)) {
diff --git a/src/parser/__tests__/PhutilURITestCase.php b/src/parser/__tests__/PhutilURITestCase.php
--- a/src/parser/__tests__/PhutilURITestCase.php
+++ b/src/parser/__tests__/PhutilURITestCase.php
@@ -151,6 +151,10 @@
         'x' => '/',
       ),
       $uri->getQueryParams());
+
+    // This is not a legitimate URI and should not parse as one.
+    $uri = new PhutilURI('fruit.list: apple banana cherry');
+    $this->assertEqual('', $uri->getDomain());
   }
 
   public function testAmbiguousURIs() {