Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/http: http.NewRequest url escape bug #34492

Closed
skynet-core opened this issue Sep 24, 2019 · 5 comments
Closed

net/http: http.NewRequest url escape bug #34492

skynet-core opened this issue Sep 24, 2019 · 5 comments
Labels
FrozenDueToAge WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.

Comments

@skynet-core
Copy link

What version of Go are you using (go version)?

$ go version
go version go1.13 darwin/amd64

Does this issue reproduce with the latest release?

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/skynet/Library/Caches/go-build"
GOENV="/Users/skynet/Library/Application Support/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/skynet/Dev/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/Cellar/go/1.13/libexec"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/Cellar/go/1.13/libexec/pkg/tool/darwin_amd64"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build196413044=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

Tried to perform GET request to custom API
See: https://play.golang.org/p/FwW8Krub1Jx

What did you expect to see?

(product_name=crashpad_handler)and(product_desc=crashpad_handler)and(manufacturer=%23%23%23%23)and(product_version=%23%23%23%23)and(file_version=%23%23%23%23)and(executable_path=/users/%23%23%23%23/library/application%20support/code/user/globalstorage/ms-vsliveshare.vsliveshare-audio/electron-4.2.7/dist/electron.app/contents/frameworks/electron%20framework.framework/versions/a/resources/crashpad_handler)and(executable_file=crashpad_handler)and(os_type_id=2)and(is_registry=false)and(md5=2fb75dffaf3b2120eba70796315298ee)and(is_terminal_server=false)and(sha1=7812b592cce8bba94cf6b465553bac3e26f3f332)

What did you see instead?

(product_name=crashpad_handler)and(product_desc=crashpad_handler)and(manufacturer=#%23%23%23)and(product_version=%23%23%23%23)and(file_version=%23%23%23%23)and(executable_path=/users/%23%23%23%23/library/application%20support/code/user/globalstorage/ms-vsliveshare.vsliveshare-audio/electron-4.2.7/dist/electron.app/contents/frameworks/electron%20framework.framework/versions/a/resources/crashpad_handler)and(executable_file=crashpad_handler)and(os_type_id=2)and(is_registry=false)and(md5=2fb75dffaf3b2120eba70796315298ee)and(is_terminal_server=false)and(sha1=7812b592cce8bba94cf6b465553bac3e26f3f332)
@mvdan
Copy link
Member

mvdan commented Sep 24, 2019

Please clarify why you expected the output to be different.

@mvdan mvdan added the WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. label Sep 24, 2019
@skynet-core
Copy link
Author

@mvdan, I think
/query?=(product_name=crashpad_handler)and(product_desc=crashpad_handler)and(manufacturer=####)
should look like
/query?=(product_name=crashpad_handler)and(product_desc=crashpad_handler)and(manufacturer=%23%23%23%23)
but not
/query?=(product_name=crashpad_handler)and(product_desc=crashpad_handler)and(manufacturer=#%23%23%23)
Am I wrong here?

@mvdan
Copy link
Member

mvdan commented Sep 24, 2019

Part of your URL is being parsed as a fragment: https://play.golang.org/p/1MMWrNCZJfa

If you really want your query to contain hash characters, you should construct the URL manually, or pass them through url.QueryEscape first.

In the future, for questions, see https://golang.org/wiki/Questions.

@mvdan mvdan closed this as completed Sep 24, 2019
@DisposaBoy
Copy link

@skynet-core
I'm stating the obvious... but that URL contains a fragment/hash/# and query values don't need to be set, so given name=#, name is empty.

I'm sure if you try it in a browser you'll see this more clearly.

@skynet-core
Copy link
Author

@DisposaBoy, thank you a lot for your explanation, the problem that I can't change this behavior, because there are othe clients of that API exist (C++,JS(fetch)) and they don't run into issues with query escaping... url.QueryEscape didn't solve my problem because I it doesn't encode = in this case ans some other chars...
Anyway, thank you for help.

@golang golang locked and limited conversation to collaborators Sep 23, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@DisposaBoy @mvdan @gopherbot @skynet-core