mirror of
https://github.com/golang/go
synced 2024-11-20 00:44:45 -07:00
net/url: Correctly escape URL as per RFC 3986
The shouldEscape function did not correctly escape the reserved characters listed in RFC 3986 §2.2, breaking some strict web servers. Fixes #3433. R=rsc CC=golang-dev https://golang.org/cl/5970050
This commit is contained in:
parent
81f534b216
commit
56024fa64e
@ -61,16 +61,16 @@ func (e EscapeError) Error() string {
|
||||
}
|
||||
|
||||
// Return true if the specified character should be escaped when
|
||||
// appearing in a URL string, according to RFC 2396.
|
||||
// appearing in a URL string, according to RFC 3986.
|
||||
// When 'all' is true the full range of reserved characters are matched.
|
||||
func shouldEscape(c byte, mode encoding) bool {
|
||||
// RFC 2396 §2.3 Unreserved characters (alphanum)
|
||||
// §2.3 Unreserved characters (alphanum)
|
||||
if 'A' <= c && c <= 'Z' || 'a' <= c && c <= 'z' || '0' <= c && c <= '9' {
|
||||
return false
|
||||
}
|
||||
// TODO: Update the character sets after RFC 3986.
|
||||
|
||||
switch c {
|
||||
case '-', '_', '.', '!', '~', '*', '\'', '(', ')': // §2.3 Unreserved characters (mark)
|
||||
case '-', '_', '.', '~': // §2.3 Unreserved characters (mark)
|
||||
return false
|
||||
|
||||
case '$', '&', '+', ',', '/', ':', ';', '=', '?', '@': // §2.2 Reserved characters (reserved)
|
||||
|
@ -394,8 +394,8 @@ var escapeTests = []EscapeTest{
|
||||
nil,
|
||||
},
|
||||
{
|
||||
" ?&=#+%!<>#\"{}|\\^[]`☺\t",
|
||||
"+%3F%26%3D%23%2B%25!%3C%3E%23%22%7B%7D%7C%5C%5E%5B%5D%60%E2%98%BA%09",
|
||||
" ?&=#+%!<>#\"{}|\\^[]`☺\t:/@$'()*,;",
|
||||
"+%3F%26%3D%23%2B%25%21%3C%3E%23%22%7B%7D%7C%5C%5E%5B%5D%60%E2%98%BA%09%3A%2F%40%24%27%28%29%2A%2C%3B",
|
||||
nil,
|
||||
},
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user