Switch uri to RFC3986 by default, match/fix docs.

The documentation said 2.26 switched to RFC3986 by default, but it did not; that "~" would be escaped, but it never has been; and did not document that '"' would now be correctly escaped.
abw · Jan 2, 2018 · b0620f4 · b0620f4
1 parent 4c602d0
commit b0620f4
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 7 deletions.
diff --git a/Changes b/Changes
@@ -10,6 +10,15 @@
 #
 #========================================================================
 
+#-----------------------------------------------------------------------
+# Unreleased
+#------------------------------------------------------------------------
+
+* Matthew Somerville switched uri/url to use RFC3986 as per the docs, and
+  updated the documentation to match the history.
+  https://github.com/abw/Template2/issues/35
+
+
 #-----------------------------------------------------------------------
 # Version 2.27 - 13th December 2016
 #------------------------------------------------------------------------

diff --git a/lib/Template/Filters.pm b/lib/Template/Filters.pm
@@ -264,10 +264,10 @@ sub _dump {
 #-----------------------------------------------------------------------
 
 our $UNSAFE_SPEC = {
-    RFC2732 => q{A-Za-z0-9\-_.!~*'()},
-    RFC3986 => q{A-Za-z0-9\-\._~},
+    RFC2732 => q{A-Za-z0-9\-_.~!*'()},
+    RFC3986 => q{A-Za-z0-9\-_.~},
 };
-our $UNSAFE_CHARS = $UNSAFE_SPEC->{ RFC2732 };
+our $UNSAFE_CHARS = $UNSAFE_SPEC->{ RFC3986 };
 our $URI_REGEX;
 our $URL_REGEX;
 our $URI_ESCAPES;

diff --git a/lib/Template/Manual/Filters.pod b/lib/Template/Manual/Filters.pod
@@ -262,11 +262,14 @@ RFC 2396 specification (since superceded by RFC2732 and RFC3986).  So we
 fixed it in 2.16 and provided the url filter to implement the old behaviour 
 of not encoding reserved characters.
 
-As of version 2.26 of the Template Toolkit, the C<uri> and L<url> filters
+As of version 2.28 of the Template Toolkit, the C<uri> and L<url> filters
 use the unsafe character set defined by RFC3986.  This means that certain
-characters ("(", ")", "~", "*", "!" and the single quote "'") are now deemed
-unsafe and will be escaped as hex character sequences.  The double quote
-character ('"') is now deemed safe and will not be escaped.
+characters ("(", ")", "*", "!", "'", and '"') are now deemed unsafe and
+will be escaped as hex character sequences.
+
+The ability to use the RFC3986 character set was added in 2.26 but not
+enabled by default; double quote was incorrectly deemed safe in 2.26 but
+correctly escaped in 2.27.
 
 If you want to enable the old behaviour then call the C<use_rfc2732()>
 method in L<Template::Filters>