According to RFC-3986, the sub-delims chars should not be escaped in
fragment.
So this change fixes current behavior a bit.
Fixes #19917
Change-Id: I1a8deb93255d979532f75bae183c3fb53a05d395
Reviewed-on: https://go-review.googlesource.com/61650
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
}
}
+ if mode == encodeFragment {
+ // RFC 3986 §2.2 allows not escaping sub-delims. A subset of sub-delims are
+ // included in reserved from RFC 2396 §2.2. The remaining sub-delims do not
+ // need to be escaped. To minimize potential breakage, we apply two restrictions:
+ // (1) we always escape sub-delims outside of the fragment, and (2) we always
+ // escape single quote to avoid breaking callers that had previously assumed that
+ // single quotes would be escaped. See issue #19917.
+ switch c {
+ case '!', '(', ')', '*':
+ return false
+ }
+ }
+
// Everything else must be escaped.
return true
}
// Fragment
{"http://foo.com/bar", ".#frag", "http://foo.com/#frag"},
+ {"http://example.org/", "#!$&%27()*+,;=", "http://example.org/#!$&%27()*+,;="},
// Paths with escaping (issue 16947).
{"http://foo.com/foo%2fbar/", "../baz", "http://foo.com/baz"},