From d6df73ce406669b75ef9957160dd8fd4070354f4 Mon Sep 17 00:00:00 2001
From: Sean Liao <sean@liao.dev>
Date: Thu, 31 Oct 2024 00:21:38 +0000
Subject: [PATCH] net/http: clarify ServeMux path sanitization

For #70130

Change-Id: Idd7ca3d11b78887709b83dd5c868de9cc506ecff
Reviewed-on: https://go-review.googlesource.com/c/go/+/623835
Reviewed-by: Carlos Amedee <carlos@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
---
 src/net/http/server.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/net/http/server.go b/src/net/http/server.go
index bd16eeb08e..db44e7c5c2 100644
--- a/src/net/http/server.go
+++ b/src/net/http/server.go
@@ -2480,6 +2480,8 @@ func RedirectHandler(url string, code int) Handler {
 // ServeMux also takes care of sanitizing the URL request path and the Host
 // header, stripping the port number and redirecting any request containing . or
 // .. segments or repeated slashes to an equivalent, cleaner URL.
+// Escaped path elements such as "%2e" for "." and "%2f" for "/" are preserved
+// and aren't considered separators for request routing.
 //
 // # Compatibility
 //