net/url: Correctly escape URL as per RFC 3986

The shouldEscape function did not correctly escape the reserved characters listed in RFC 3986 §2.2, breaking some strict web servers. Fixes #3433. R=rsc CC=golang-dev https://golang.org/cl/5970050
2024-11-20 02:04:39 -07:00 · 2012-04-05 13:23:08 -04:00 · 2012-04-05 13:23:08 -04:00 · 56024fa64e
commit 56024fa64e
parent 81f534b216
2 changed files with 6 additions and 6 deletions
--- a/src/pkg/net/url/url.go
+++ b/src/pkg/net/url/url.go
@ -61,16 +61,16 @@ func (e EscapeError) Error() string {
 }

 // Return true if the specified character should be escaped when
-// appearing in a URL string, according to RFC 2396.
+// appearing in a URL string, according to RFC 3986.
 // When 'all' is true the full range of reserved characters are matched.
 func shouldEscape(c byte, mode encoding) bool {
-	// RFC 2396 §2.3 Unreserved characters (alphanum)
+	// §2.3 Unreserved characters (alphanum)
 	if 'A' <= c && c <= 'Z' || 'a' <= c && c <= 'z' || '0' <= c && c <= '9' {
 		return false
 	}
-	// TODO: Update the character sets after RFC 3986.
+
 	switch c {
-	case '-', '_', '.', '!', '~', '*', '\'', '(', ')': // §2.3 Unreserved characters (mark)
+	case '-', '_', '.', '~': // §2.3 Unreserved characters (mark)
 		return false

 	case '$', '&', '+', ',', '/', ':', ';', '=', '?', '@': // §2.2 Reserved characters (reserved)
--- a/src/pkg/net/url/url_test.go
+++ b/src/pkg/net/url/url_test.go
@ -394,8 +394,8 @@ var escapeTests = []EscapeTest{
 		nil,
 	},
 	{
-		" ?&=#+%!<>#\"{}|\\^[]`☺\t",
-		"+%3F%26%3D%23%2B%25!%3C%3E%23%22%7B%7D%7C%5C%5E%5B%5D%60%E2%98%BA%09",
+		" ?&=#+%!<>#\"{}|\\^[]`☺\t:/@$'()*,;",
+		"+%3F%26%3D%23%2B%25%21%3C%3E%23%22%7B%7D%7C%5C%5E%5B%5D%60%E2%98%BA%09%3A%2F%40%24%27%28%29%2A%2C%3B",
 		nil,
 	},
 }