http.URLEscape: escape all bytes required by RFC 2396

Fixes #125.

R=r
https://golang.org/cl/154143

diff --git a/src/pkg/http/url.go b/src/pkg/http/url.go
index 9d7ac495f0afce3f9bbc59124c45c5097dae4508..95d9bed738cfdf8b2a94acc6bc800de71f9549a1 100644 (file)
--- a/src/pkg/http/url.go
+++ b/src/pkg/http/url.go
@@ -52,14 +52,16 @@ func (e URLEscapeError) String() string {
        return "invalid URL escape " + strconv.Quote(string(e))
 }
 
-// Return true if the specified character should be escaped when appearing in a
-// URL string.
-//
-// TODO: for now, this is a hack; it only flags a few common characters that have
-// special meaning in URLs.  That will get the job done in the common cases.
+// Return true if the specified character should be escaped when
+// appearing in a URL string, according to RFC 2396.
 func shouldEscape(c byte) bool {
+       if c <= ' ' || c >= 0x7F {
+               return true
+       }
        switch c {
-       case ' ', '?', '&', '=', '#', '+', '%':
+       case '<', '>', '#', '%', '"',   // RFC 2396 delims
+               '{', '}', '|', '\\', '^', '[', ']', '`',        // RFC2396 unwise
+               '?', '&', '=', '+':     // RFC 2396 reserved in path
                return true
        }
        return false;

diff --git a/src/pkg/http/url_test.go b/src/pkg/http/url_test.go
index b8df71971bbff69a95806c9476578cdb59ca4ba5..2f9707a2ecb36c264beee668c1aa40dd7c2614b6 100644 (file)
--- a/src/pkg/http/url_test.go
+++ b/src/pkg/http/url_test.go
@@ -335,8 +335,8 @@ var escapeTests = []URLEscapeTest{
                nil,
        },
        URLEscapeTest{
-               " ?&=#+%!",
-               "+%3f%26%3d%23%2b%25!",
+               " ?&=#+%!<>#\"{}|\\^[]`☺\t",
+               "+%3f%26%3d%23%2b%25!%3c%3e%23%22%7b%7d%7c%5c%5e%5b%5d%60%e2%98%ba%09",
                nil,
        },
 }