net/http: http.NewRequest url escape bug #34492

Closed
skynet-core opened this issue Sep 24, 2019 · 5 comments

@skynet-core skynet-core commented Sep 24, 2019

What version of Go are you using (go version)?

$ go version
go version go1.13 darwin/amd64

Does this issue reproduce with the latest release?

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/skynet/Library/Caches/go-build"
GOENV="/Users/skynet/Library/Application Support/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/skynet/Dev/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/Cellar/go/1.13/libexec"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/Cellar/go/1.13/libexec/pkg/tool/darwin_amd64"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build196413044=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

Tried to perform a GET request to a custom API
See: https://play.golang.org/p/FwW8Krub1Jx

What did you expect to see?

(product_name=crashpad_handler)and(product_desc=crashpad_handler)and(manufacturer=%23%23%23%23)and(product_version=%23%23%23%23)and(file_version=%23%23%23%23)and(executable_path=/users/%23%23%23%23/library/application%20support/code/user/globalstorage/ms-vsliveshare.vsliveshare-audio/electron-4.2.7/dist/electron.app/contents/frameworks/electron%20framework.framework/versions/a/resources/crashpad_handler)and(executable_file=crashpad_handler)and(os_type_id=2)and(is_registry=false)and(md5=2fb75dffaf3b2120eba70796315298ee)and(is_terminal_server=false)and(sha1=7812b592cce8bba94cf6b465553bac3e26f3f332)

What did you see instead?

(product_name=crashpad_handler)and(product_desc=crashpad_handler)and(manufacturer=#%23%23%23)and(product_version=%23%23%23%23)and(file_version=%23%23%23%23)and(executable_path=/users/%23%23%23%23/library/application%20support/code/user/globalstorage/ms-vsliveshare.vsliveshare-audio/electron-4.2.7/dist/electron.app/contents/frameworks/electron%20framework.framework/versions/a/resources/crashpad_handler)and(executable_file=crashpad_handler)and(os_type_id=2)and(is_registry=false)and(md5=2fb75dffaf3b2120eba70796315298ee)and(is_terminal_server=false)and(sha1=7812b592cce8bba94cf6b465553bac3e26f3f332)

Member

@mvdan mvdan commented Sep 24, 2019

Please clarify why you expected the output to be different.

Author

@skynet-core skynet-core commented Sep 24, 2019

@mvdan, I think
/query?=(product_name=crashpad_handler)and(product_desc=crashpad_handler)and(manufacturer=####)
should look like
/query?=(product_name=crashpad_handler)and(product_desc=crashpad_handler)and(manufacturer=%23%23%23%23)
but not
/query?=(product_name=crashpad_handler)and(product_desc=crashpad_handler)and(manufacturer=#%23%23%23)
Am I wrong here?

Member

@mvdan mvdan commented Sep 24, 2019

Part of your URL is being parsed as a fragment: https://play.golang.org/p/1MMWrNCZJfa

If you really want your query to contain hash characters, you should construct the URL manually, or pass them through url.QueryEscape first.

In the future, for questions, see https://golang.org/wiki/Questions.

@mvdan mvdan closed this Sep 24, 2019

@DisposaBoy DisposaBoy commented Sep 24, 2019

@skynet-core
I'm stating the obvious... but that URL contains a fragment/hash/# and query values don't need to be set, so given name=#, name is empty.

I'm sure if you try it in a browser you'll see this more clearly.

Author

@skynet-core skynet-core commented Sep 24, 2019

@DisposaBoy, thank you a lot for your explanation. The problem is that I can't change this behavior, because there are other clients of that API (C++, JS (fetch)) and they don't run into issues with query escaping... url.QueryEscape didn't solve my problem because it doesn't encode = in this case and some other chars...
Anyway, thank you for the help.
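
The behaviour discussed in this thread, as an added example that is not part of the original issue or the Go project's code: `url.Parse` cuts the string at the first `#`, so the request has to be built from components with the expression escaped before it reaches `RawQuery`. The host `api.example.test`, the helper names and the set of bytes left literal are assumptions chosen to match the `?=(a=b)and(c=d)` shape shown above.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// keep lists the bytes this hypothetical API wants left literal in its query
// expression, in addition to ASCII letters and digits (an assumption).
const keep = "-._~=()/"

// escapeExpr percent-encodes every byte of expr except letters, digits and
// the bytes in keep, so '#', ' ', '&', '%' and '?' can never act as URL syntax.
func escapeExpr(expr string) string {
	var b strings.Builder
	for i := 0; i < len(expr); i++ {
		c := expr[i]
		switch {
		case 'a' <= c && c <= 'z', 'A' <= c && c <= 'Z', '0' <= c && c <= '9',
			strings.IndexByte(keep, c) >= 0:
			b.WriteByte(c)
		default:
			fmt.Fprintf(&b, "%%%02X", c)
		}
	}
	return b.String()
}

// newQueryRequest builds the GET request from components instead of from one
// concatenated string, so the expression stays entirely inside the query.
func newQueryRequest(base, expr string) (*http.Request, error) {
	u, err := url.Parse(base)
	if err != nil {
		return nil, err
	}
	u.RawQuery = "=" + escapeExpr(expr) // empty key, as in "/query?=(...)"
	u.Fragment = ""
	return http.NewRequest(http.MethodGet, u.String(), nil)
}

func main() {
	// Constructed sample expression, shortened from the one in the issue.
	expr := "(manufacturer=####)and(executable_path=/users/####/application support/x)"
	naive, _ := url.Parse("https://api.example.test/query?=" + expr)
	fmt.Printf("naive: query=%q fragment=%q\n", naive.RawQuery, naive.Fragment)
	req, _ := newQueryRequest("https://api.example.test/query", expr)
	fmt.Println("built:", req.URL.String())
}
```

Checking that `Fragment` is empty after parsing is a cheap guard wherever untrusted or free-form values are concatenated into a URL string.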
