From eb18481efb8673a67bf7843e6f97bccb66c3f65c Mon Sep 17 00:00:00 2001
From: Aliaksandr Valialkin
Date: Wed, 23 Dec 2015 19:26:48 +0200
Subject: [PATCH] Escape query args chars according to http://www.w3.org/TR/html5/forms.html#form-submission-algorithm

---
 args_test.go | 4 ++--
 bytesconv.go | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/args_test.go b/args_test.go
index f994217..e238272 100644
--- a/args_test.go
+++ b/args_test.go
@@ -10,7 +10,7 @@ import (
 func TestArgsEscape(t *testing.T) {
 testArgsEscape(t, "foo", "bar", "foo=bar")
 testArgsEscape(t, "f.o,1:2/4", "~`!@#$%^&*()_-=+\\|/[]{};:'\"<>,./?",
- "f.o,1:2/4=%7E%60%21%40%23%24%25%5E%26%2A%28%29_-%3D%2B%5C%7C/%5B%5D%7B%7D%3B:%27%22%3C%3E,./%3F")
+ "f.o%2C1%3A2%2F4=%7E%60%21%40%23%24%25%5E%26*%28%29_-%3D%2B%5C%7C%2F%5B%5D%7B%7D%3B%3A%27%22%3C%3E%2C.%2F%3F")
 }

 func testArgsEscape(t *testing.T, k, v, expectedS string) {
@@ -153,7 +153,7 @@ func TestArgsString(t *testing.T) {
 testArgsString(t, &a, "foo=bar")
 testArgsString(t, &a, "foo=bar&baz=sss")
 testArgsString(t, &a, "")
- testArgsString(t, &a, "f%20o=x.x/x%D0%BF%D1%80%D0%B8%D0%B2%D0%B5aaa&sdf=ss")
+ testArgsString(t, &a, "f%20o=x.x*-_8x%D0%BF%D1%80%D0%B8%D0%B2%D0%B5aaa&sdf=ss")
 testArgsString(t, &a, "=asdfsdf")
 }

diff --git a/bytesconv.go b/bytesconv.go
index 1ac46c3..216e0ea 100644
--- a/bytesconv.go
+++ b/bytesconv.go
@@ -311,8 +311,9 @@ func unsafeBytesToStr(b []byte) string {

 func appendQuotedArg(dst, v []byte) []byte {
 for _, c := range v {
+ // See http://www.w3.org/TR/html5/forms.html#form-submission-algorithm
 if c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9' ||
- c == '/' || c == '.' || c == ',' || c == ':' || c == '-' || c == '_' {
+ c == '*' || c == '-' || c == '.' || c == '_' {
 dst = append(dst, c)
 } else {
 dst = append(dst, '%', hexCharUpper(c>>4), hexCharUpper(c&15))
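Review bot: The comment added in appendQuotedArg cites the HTML5 form-submission algorithm, but a space (0x20) still falls into the else branch and is emitted as `%20`, whereas that algorithm serializes a space as `+`. The updated TestArgsString expectation beginning `f%20o=` pins the `%20` form. Form decoders accept both spellings, so this is a conformance gap rather than an escaping hole, but a peer that compares or signs the serialized query string byte-for-byte may see a mismatch. Either add a branch `} else if c == ' ' { dst = append(dst, '+')` ahead of the percent-encoding fallback, or reword the comment to `// Safe set per the HTML5 form-submission algorithm; space is emitted as %20, not '+'`. The body of appendQuotedArg continues past the end of this hunk.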