net/url: PathEscape treatment of reserved characters is inconsistent #27559
Description
; and , are permitted by RFC 3986 in path segments, but PathEscape percent-encodes them because "URI producing applications often use the reserved characters allowed in a segment to delimit scheme-specific or dereference-handler-specific subcomponents". However, it does not escape other reserved characters potentially subject to the same kind of special treatment:
=is "often used to delimit parameters and parameter values", particularly in conjunction with;(e.g., "name;v=1.1").is used in.and.."dot-segments" to "indicate relative position within the hierarchical tree of names… interpreted within the URI path hierarchy… removed as part of the resolution process".:is not allowed in the first path segment of a relative-path reference, "as it would be mistaken for a scheme name" (e.g., a URI reference of "foo:bar/baz/quux" is very different from "foo-bar/baz/quux").
What version of Go are you using (go version)?
1.11
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (go env)?
linux amd64
What did you do?
https://play.golang.org/p/f-byVa3k2gi
pathSegments := []string{"non-scheme:non-authority", "foo=bar;bar=baz", ".."}
for i, segment := range pathSegments {
pathSegments[i] = url.PathEscape(segment)
}
fmt.Println(strings.Join(pathSegments, "/"))What did you expect to see?
non-scheme%3Anon-authority/foo%3Dbar%3Bbar%3Dbaz/%2E%2E (all potentially special characters percent-encoded), or maybe non-scheme:non-authority/foo=bar;bar=baz/.. (no characters percent-encoded unless required by RFC).
What did you see instead?
non-scheme:non-authority/foo=bar%3Bbar=baz/..