Dot-related inconsistencies in url.absolute()

[nnposter]

NSE function url.absolute() is not always returning results according to RFC 3986 when . or .. are involved.

• One prominent category of cases is when .. exceeds the path depth
• Terminal . and .. are treated differently when they are followed by / or not
• Normalization does not happen if the second argument is already absolute
• A few bugs

Here are the test suite results:

arg1      arg2      output    RFC
"a"       "."       "."       ""
"a"       "./"      ""        ""
".."      "b"       "b"       "b"
"../"     "b"       "../b"    "b"
"/"       ".."      ""        "/"
"/"       "../"     ""        "/"
"/../"    ".."      ".."      "/"
"/../"    "../"     "../"     "/"
"a/.."    "b"       "a/b"     "b"
"a/../"   "b"       "b"       "b"
"/a/.."   ""        "/a/"     "/"
""        "/a/.."   "/a/.."   "/"

I do have code that faithfully follows the RFC but the impact of this change is hard to gauge. In particular it could cause problems in contexts where the function is used to join two relative paths because the function would remove excessive .., possibly prematurely.

Please comment whether it is worth implementing this fix or whether we should add url.absolute2() for the correct behavior.

[cldrn]

Hey,

I think we should stick to the RFC. There shouldn't be a lot of scripts affected by this and if they are, we can easily fix them and at the end we will be RFC compliant.