net/http: RawPath shows inconsistent, case-sensitive behaviour with percentage encoded Unicode URI strings #33596
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?Any environment
go env
OutputWhat did you do?
What did you expect to see?
url.PathEscape("😋") => %F0%9F%98%8B
/link/%F0%9F%98%8B
(A) and/link/%f0%9f%98%8b
(B) (upper and lower case respectively) are equivalent as per RFC 3986. Anhttp.HandlerFunc()
handling either of the URLs is expected to show consistent behaviour.What did you see instead?
An http handler that processes the identical URIs A and B behaves differently. B, which has uppercase characters, produces an empty
http.Request.URL.RawPath
where as A that has lowercase characters produces anhttp.Request.URL.RawPath
with unescaped characters. This breaks Unicode URL handling in popular HTTP routers like chi and httprouter.Discovered this inconsistency when using
html/template
that encodes Unicode strings in<a>
to have lowercase characters as opposed tourl.PathEscape
that produces uppercase characters.The text was updated successfully, but these errors were encountered: