| blob | 80eb7a86c8de26f3e3110c1f0da58a4281d8b2ef |
1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // Package url parses URLs and implements query escaping.
6 package url
8 // See RFC 3986. This package generally follows RFC 3986, except where
9 // it deviates for compatibility reasons. When sending changes, first
10 // search old issues for history on decisions. Unit tests should also
11 // contain references to issue numbers with details.
14 "errors"
15 "fmt"
16 "sort"
17 "strconv"
18 "strings"
19 )
21 // Error reports an error and the operation and URL that caused it.
23 Op string
24 URL string
25 Err error
26 }
32 }
37 }
41 }
46 }
56 }
58 }
68 }
70 }
76 encodePathSegment
77 encodeHost
78 encodeZone
79 encodeUserPassword
80 encodeQueryComponent
81 encodeFragment
82 )
88 }
94 }
96 // Return true if the specified character should be escaped when
97 // appearing in a URL string, according to RFC 3986.
98 //
99 // Please be informed that for now shouldEscape does not check all
100 // reserved characters correctly. See golang.org/issue/5684.
102 // §2.3 Unreserved characters (alphanum)
105 }
108 // §3.2.2 Host allows
109 // sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="
110 // as part of reg-name.
111 // We add : because we include :port as part of host.
112 // We add [ ] because we include [ipv6]:port as part of host.
113 // We add < > because they're the only characters left that
114 // we could possibly allow, and Parse will reject them if we
115 // escape them (because hosts can't use %-encoding for
116 // ASCII bytes).
120 }
121 }
128 // Different sections of the URL allow a few of
129 // the reserved characters to appear unescaped.
132 // The RFC allows : @ & = + $ but saves / ; , for assigning
133 // meaning to individual path segments. This package
134 // only manipulates the path as a whole, so we allow those
135 // last three as well. That leaves only ? to escape.
139 // The RFC allows : @ & = + $ but saves / ; , for assigning
140 // meaning to individual path segments.
144 // The RFC allows ';', ':', '&', '=', '+', '$', and ',' in
145 // userinfo, so we must escape only '@', '/', and '?'.
146 // The parsing of userinfo treats ':' as special so we must escape
147 // that too.
151 // The RFC reserves (so we must escape) everything.
155 // The RFC text is silent but the grammar allows
156 // everything, so escape nothing.
158 }
159 }
162 // RFC 3986 §2.2 allows not escaping sub-delims. A subset of sub-delims are
163 // included in reserved from RFC 2396 §2.2. The remaining sub-delims do not
164 // need to be escaped. To minimize potential breakage, we apply two restrictions:
165 // (1) we always escape sub-delims outside of the fragment, and (2) we always
166 // escape single quote to avoid breaking callers that had previously assumed that
167 // single quotes would be escaped. See issue #19917.
171 }
172 }
174 // Everything else must be escaped.
176 }
178 // QueryUnescape does the inverse transformation of QueryEscape,
179 // converting each 3-byte encoded substring of the form "%AB" into the
180 // hex-decoded byte 0xAB.
181 // It returns an error if any % is not followed by two hexadecimal
182 // digits.
185 }
187 // PathUnescape does the inverse transformation of PathEscape,
188 // converting each 3-byte encoded substring of the form "%AB" into the
189 // hex-decoded byte 0xAB. It returns an error if any % is not followed
190 // by two hexadecimal digits.
191 //
192 // PathUnescape is identical to QueryUnescape except that it does not
193 // unescape '+' to ' ' (space).
196 }
198 // unescape unescapes a string; the mode specifies
199 // which section of the URL string is being unescaped.
201 // Count %, check that they're well-formed.
207 n++
212 }
214 }
215 // Per https://tools.ietf.org/html/rfc3986#page-21
216 // in the host component %-encoding can only be used
217 // for non-ASCII bytes.
218 // But https://tools.ietf.org/html/rfc6874#section-2
219 // introduces %25 being allowed to escape a percent sign
220 // in IPv6 scoped-address literals. Yay.
223 }
225 // RFC 6874 says basically "anything goes" for zone identifiers
226 // and that even non-ASCII can be redundantly escaped,
227 // but it seems prudent to restrict %-escaped bytes here to those
228 // that are valid host name bytes in their unescaped form.
229 // That is, you can use escaping in the zone identifier but not
230 // to introduce bytes you couldn't just write directly.
231 // But Windows puts spaces here! Yay.
235 }
236 }
240 i++
244 }
245 i++
246 }
247 }
251 }
259 j++
266 }
267 j++
268 i++
271 j++
272 i++
273 }
274 }
276 }
278 // QueryEscape escapes the string so it can be safely placed
279 // inside a URL query.
282 }
284 // PathEscape escapes the string so it can be safely placed
285 // inside a URL path segment.
288 }
296 spaceCount++
298 hexCount++
299 }
300 }
301 }
304 return s
305 }
313 j++
321 j++
322 }
323 }
325 }
327 // A URL represents a parsed URL (technically, a URI reference).
328 //
329 // The general form represented is:
330 //
331 // [scheme:][//[userinfo@]host][/]path[?query][#fragment]
332 //
333 // URLs that do not start with a slash after the scheme are interpreted as:
334 //
335 // scheme:opaque[?query][#fragment]
336 //
337 // Note that the Path field is stored in decoded form: /%47%6f%2f becomes /Go/.
338 // A consequence is that it is impossible to tell which slashes in the Path were
339 // slashes in the raw URL and which were %2f. This distinction is rarely important,
340 // but when it is, code must not use Path directly.
341 // The Parse function sets both Path and RawPath in the URL it returns,
342 // and URL's String method uses RawPath if it is a valid encoding of Path,
343 // by calling the EscapedPath method.
345 Scheme string
354 }
356 // User returns a Userinfo containing the provided username
357 // and no password set.
360 }
362 // UserPassword returns a Userinfo containing the provided username
363 // and password.
364 //
365 // This functionality should only be used with legacy web sites.
366 // RFC 2396 warns that interpreting Userinfo this way
367 // ``is NOT RECOMMENDED, because the passing of authentication
368 // information in clear text (such as URI) has proven to be a
369 // security risk in almost every case where it has been used.''
372 }
374 // The Userinfo type is an immutable encapsulation of username and
375 // password details for a URL. An existing Userinfo value is guaranteed
376 // to have a username set (potentially empty, as allowed by RFC 2396),
377 // and optionally a password.
379 username string
380 password string
381 passwordSet bool
382 }
384 // Username returns the username.
388 }
390 }
392 // Password returns the password in case it is set, and whether it is set.
396 }
398 }
400 // String returns the encoded userinfo information in the standard form
401 // of "username[:password]".
405 }
409 }
410 return s
411 }
413 // Maybe rawurl is of the form scheme:path.
414 // (Scheme must be [a-zA-Z][a-zA-Z0-9+-.]*)
415 // If so, return scheme, path; else return "", rawurl.
421 // do nothing
425 }
429 }
432 // we have encountered an invalid character,
433 // so there is no valid scheme
435 }
436 }
438 }
440 // Maybe s is of the form t c u.
441 // If so, return t, c u (or t, u if cutc == true).
442 // If not, return s, "".
447 }
450 }
452 }
454 // Parse parses rawurl into a URL structure.
455 //
456 // The rawurl may be relative (a path, without a host) or absolute
457 // (starting with a scheme). Trying to parse a hostname and path
458 // without a scheme is invalid but may not necessarily return an
459 // error, due to parsing ambiguities.
461 // Cut off #frag
466 }
469 }
472 }
474 }
476 // ParseRequestURI parses rawurl into a URL structure. It assumes that
477 // rawurl was received in an HTTP request, so the rawurl is interpreted
478 // only as an absolute URI or an absolute path.
479 // The string rawurl is assumed not to have a #fragment suffix.
480 // (Web browsers strip #fragment before sending the URL to a web server.)
485 }
487 }
489 // parse parses a URL from a string in one of two contexts. If
490 // viaRequest is true, the URL is assumed to have arrived via an HTTP request,
491 // in which case only absolute URLs or path-absolute relative URLs are allowed.
492 // If viaRequest is false, all forms of relative URLs are allowed.
495 var err error
499 }
505 }
507 // Split off possible leading "http:", "mailto:", etc.
508 // Cannot contain escaped characters.
511 }
519 }
523 // We consider rootless paths per RFC 3986 as opaque.
526 }
529 }
531 // Avoid confusion with malformed schemes, like cache_object:foo/bar.
532 // See golang.org/issue/16822.
533 //
534 // RFC 3986, §3.3:
535 // In addition, a URI reference (Section 4.1) may be a relative-path reference,
536 // in which case the first path segment cannot contain a colon (":") character.
540 // First path segment has colon. Not allowed in relative URL.
542 }
543 }
545 if (url.Scheme != "" || !viaRequest && !strings.HasPrefix(rest, "///")) && strings.HasPrefix(rest, "//") {
551 }
552 }
553 // Set Path and, optionally, RawPath.
554 // RawPath is a hint of the encoding of Path. We don't want to set it if
555 // the default escaping of Path is equivalent, to help make sure that people
556 // don't rely on it in general.
559 }
561 }
569 }
572 }
575 }
579 }
583 }
589 }
592 }
594 }
596 }
598 // parseHost parses host as an authority without user
599 // information. That is, as host[:port].
602 // Parse an IP-Literal in RFC 3986 and RFC 6874.
603 // E.g., "[fe80::1]", "[fe80::1%25en0]", "[fe80::1]:80".
607 }
611 }
613 // RFC 6874 defines that %25 (%-encoded percent) introduces
614 // the zone identifier, and the zone identifier can use basically
615 // any %-encoding it likes. That's different from the host, which
616 // can only %-encode non-ASCII bytes.
617 // We do impose some restrictions on the zone, to avoid stupidity
618 // like newlines.
624 }
628 }
632 }
634 }
635 }
637 var err error
640 }
642 }
644 // setPath sets the Path and RawPath fields of the URL based on the provided
645 // escaped path p. It maintains the invariant that RawPath is only specified
646 // when it differs from the default encoding of the path.
647 // For example:
648 // - setPath("/foo/bar") will set Path="/foo/bar" and RawPath=""
649 // - setPath("/foo%2fbar") will set Path="/foo/bar" and RawPath="/foo%2fbar"
650 // setPath will return an error only if the provided path contains an invalid
651 // escaping.
655 return err
656 }
659 // Default encoding is fine.
663 }
665 }
667 // EscapedPath returns the escaped form of u.Path.
668 // In general there are multiple possible escaped forms of any path.
669 // EscapedPath returns u.RawPath when it is a valid escaping of u.Path.
670 // Otherwise EscapedPath ignores u.RawPath and computes an escaped
671 // form on its own.
672 // The String and RequestURI methods use EscapedPath to construct
673 // their results.
674 // In general, code should call EscapedPath instead of
675 // reading u.RawPath directly.
681 }
682 }
685 }
687 }
689 // validEncodedPath reports whether s is a valid encoded path.
690 // It must not contain any bytes that require escaping during path encoding.
693 // RFC 3986, Appendix A.
694 // pchar = unreserved / pct-encoded / sub-delims / ":" / "@".
695 // shouldEscape is not quite compliant with the RFC,
696 // so we check the sub-delims ourselves and let
697 // shouldEscape handle the others.
700 // ok
702 // ok - not specified in RFC 3986 but left alone by modern browsers
704 // ok - percent encoded, will decode
708 }
709 }
710 }
712 }
714 // validOptionalPort reports whether port is either an empty string
715 // or matches /^:\d*$/
719 }
722 }
726 }
727 }
729 }
731 // String reassembles the URL into a valid URL string.
732 // The general form of the result is one of:
733 //
734 // scheme:opaque?query#fragment
735 // scheme://userinfo@host/path?query#fragment
736 //
737 // If u.Opaque is non-empty, String uses the first form;
738 // otherwise it uses the second form.
739 // To obtain the path, String uses u.EscapedPath().
740 //
741 // In the second form, the following rules apply:
742 // - if u.Scheme is empty, scheme: is omitted.
743 // - if u.User is nil, userinfo@ is omitted.
744 // - if u.Host is empty, host/ is omitted.
745 // - if u.Scheme and u.Host are empty and u.User is nil,
746 // the entire scheme://userinfo@host/ is omitted.
747 // - if u.Host is non-empty and u.Path begins with a /,
748 // the form host/path does not add its own /.
749 // - if u.RawQuery is empty, ?query is omitted.
750 // - if u.Fragment is empty, #fragment is omitted.
756 }
763 }
767 }
770 }
771 }
775 }
777 // RFC 3986 §4.2
778 // A path segment that contains a colon character (e.g., "this:that")
779 // cannot be used as the first segment of a relative-path reference, as
780 // it would be mistaken for a scheme name. Such a segment must be
781 // preceded by a dot-segment (e.g., "./this:that") to make a relative-
782 // path reference.
785 }
786 }
788 }
792 }
796 }
798 }
800 // Values maps a string key to a list of values.
801 // It is typically used for query parameters and form values.
802 // Unlike in the http.Header map, the keys in a Values map
803 // are case-sensitive.
806 // Get gets the first value associated with the given key.
807 // If there are no values associated with the key, Get returns
808 // the empty string. To access multiple values, use the map
809 // directly.
813 }
817 }
819 }
821 // Set sets the key to value. It replaces any existing
822 // values.
825 }
827 // Add adds the value to key. It appends to any existing
828 // values associated with key.
831 }
833 // Del deletes the values associated with key.
836 }
838 // ParseQuery parses the URL-encoded query string and returns
839 // a map listing the values specified for each key.
840 // ParseQuery always returns a non-nil map containing all the
841 // valid query parameters found; err describes the first decoding error
842 // encountered, if any.
843 //
844 // Query is expected to be a list of key=value settings separated by
845 // ampersands or semicolons. A setting without an equals sign is
846 // interpreted as a key set to an empty value.
851 }
855 key := query
860 }
862 continue
863 }
867 }
871 err = err1
872 }
873 continue
874 }
878 err = err1
879 }
880 continue
881 }
883 }
884 return err
885 }
887 // Encode encodes the values into ``URL encoded'' form
888 // ("bar=baz&foo=quux") sorted by key.
892 }
897 }
905 }
909 }
910 }
912 }
914 // resolvePath applies special path segments from refs and applies
915 // them to base, per RFC 3986.
919 full = base
924 full = ref
925 }
928 }
934 // drop
938 }
941 }
942 }
944 // Add final slash to the joined path.
946 }
948 }
950 // IsAbs reports whether the URL is absolute.
951 // Absolute means that it has a non-empty scheme.
954 }
956 // Parse parses a URL in the context of the receiver. The provided URL
957 // may be relative or absolute. Parse returns nil, err on parse
958 // failure, otherwise its return value is the same as ResolveReference.
963 }
965 }
967 // ResolveReference resolves a URI reference to an absolute URI from
968 // an absolute base URI u, per RFC 3986 Section 5.2. The URI reference
969 // may be relative or absolute. ResolveReference always returns a new
970 // URL instance, even if the returned URL is identical to either the
971 // base or reference. If ref is an absolute URL, then ResolveReference
972 // ignores base and returns a copy of ref.
974 url := *ref
977 }
979 // The "absoluteURI" or "net_path" cases.
980 // We can ignore the error from setPath since we know we provided a
981 // validly-escaped path.
984 }
990 }
995 }
996 }
997 // The "abs_path" or "rel_path" cases.
1002 }
1004 // Query parses RawQuery and returns the corresponding values.
1005 // It silently discards malformed value pairs.
1006 // To check errors use ParseQuery.
1009 return v
1010 }
1012 // RequestURI returns the encoded path?query or opaque?query
1013 // string that would be used in an HTTP request for u.
1020 }
1024 }
1025 }
1028 }
1029 return result
1030 }
1032 // Hostname returns u.Host, without any port number.
1033 //
1034 // If Host is an IPv6 literal with a port number, Hostname returns the
1035 // IPv6 literal without the square brackets. IPv6 literals may include
1036 // a zone identifier.
1039 }
1041 // Port returns the port part of u.Host, without the leading colon.
1042 // If u.Host doesn't contain a port, Port returns an empty string.
1045 }
1050 return hostport
1051 }
1054 }
1056 }
1062 }
1065 }
1068 }
1070 }
1072 // Marshaling interface implementations.
1073 // Would like to implement MarshalText/UnmarshalText but that will change the JSON representation of URLs.
1077 }
1082 return err
1083 }
1086 }
1088 // validUserinfo reports whether s is a valid userinfo string per RFC 3986
1089 // Section 3.2.1:
1090 // userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
1091 // unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
1092 // sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
1093 // / "*" / "+" / "," / ";" / "="
1094 //
1095 // It doesn't validate pct-encoded. The caller does that via func unescape.
1099 continue
1100 }
1102 continue
1103 }
1105 continue
1106 }
1110 continue
1113 }
1114 }
1116 }