Closed
Description
What version of Go are you using (go version)?
$ go version go version go1.12.1 linux/amd64
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (go env)?
go env Output
$ go env GOARCH="amd64" GOBIN="" GOCACHE="/home/I859592/.cache/go-build" GOEXE="" GOFLAGS="" GOHOSTARCH="amd64" GOHOSTOS="linux" GOOS="linux" GOPATH="/home/I859592/go" GOPROXY="" GORACE="" GOROOT="/usr/local/go" GOTMPDIR="" GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64" GCCGO="gccgo" CC="gcc" CXX="g++" CGO_ENABLED="1" GOMOD="" CGO_CFLAGS="-g -O2" CGO_CPPFLAGS="" CGO_CXXFLAGS="-g -O2" CGO_FFLAGS="-g -O2" CGO_LDFLAGS="-g -O2" PKG_CONFIG="pkg-config" GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build080205514=/tmp/go-build -gno-record-gcc-switches"
What did you do?
Perform an HTTP request that fails by returning an error message that does not contain the password.
Playground link: https://play.golang.org/p/1MA3niQ8-sG
What did you expect to see?
Password replaced with asterisks in the error message. As the Playground code shows, this does happen when the password doesn't contain any URL-encoded characters (probably from the fix for #24572).
What did you see instead?
Password with URL-encoded characters is visible in the error message.