url.go

     1  // Copyright 2009 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // Package url parses URLs and implements query escaping.
     6  //
     7  // See RFC 3986. This package generally follows RFC 3986, except where
     8  // it deviates for compatibility reasons.
     9  // RFC 6874 followed for IPv6 zone literals.
    10  
    11  //go:generate go run gen_encoding_table.go
    12  
    13  package url
    14  
    15  // When sending changes, first  search old issues for history on decisions.
    16  // Unit tests should also contain references to issue numbers with details.
    17  
    18  import (
    19  	"errors"
    20  	"fmt"
    21  	"internal/godebug"
    22  	"net/netip"
    23  	"path"
    24  	"slices"
    25  	"strconv"
    26  	"strings"
    27  	_ "unsafe" // for linkname
    28  )
    29  
    30  var urlstrictcolons = godebug.New("urlstrictcolons")
    31  
    32  // Error reports an error and the operation and URL that caused it.
    33  type Error struct {
    34  	Op  string
    35  	URL string
    36  	Err error
    37  }
    38  
    39  func (e *Error) Unwrap() error { return e.Err }
    40  func (e *Error) Error() string { return fmt.Sprintf("%s %q: %s", e.Op, e.URL, e.Err) }
    41  
    42  func (e *Error) Timeout() bool {
    43  	t, ok := e.Err.(interface {
    44  		Timeout() bool
    45  	})
    46  	return ok && t.Timeout()
    47  }
    48  
    49  func (e *Error) Temporary() bool {
    50  	t, ok := e.Err.(interface {
    51  		Temporary() bool
    52  	})
    53  	return ok && t.Temporary()
    54  }
    55  
    56  const upperhex = "0123456789ABCDEF"
    57  
    58  func ishex(c byte) bool {
    59  	return table[c]&hexChar != 0
    60  }
    61  
    62  // Precondition: ishex(c) is true.
    63  func unhex(c byte) byte {
    64  	return 9*(c>>6) + (c & 15)
    65  }
    66  
    67  type EscapeError string
    68  
    69  func (e EscapeError) Error() string {
    70  	return "invalid URL escape " + strconv.Quote(string(e))
    71  }
    72  
    73  type InvalidHostError string
    74  
    75  func (e InvalidHostError) Error() string {
    76  	return "invalid character " + strconv.Quote(string(e)) + " in host name"
    77  }
    78  
    79  // See the reference implementation in gen_encoding_table.go.
    80  func shouldEscape(c byte, mode encoding) bool {
    81  	return table[c]&mode == 0
    82  }
    83  
    84  // QueryUnescape does the inverse transformation of [QueryEscape],
    85  // converting each 3-byte encoded substring of the form "%AB" into the
    86  // hex-decoded byte 0xAB.
    87  // It returns an error if any % is not followed by two hexadecimal
    88  // digits.
    89  func QueryUnescape(s string) (string, error) {
    90  	return unescape(s, encodeQueryComponent)
    91  }
    92  
    93  // PathUnescape does the inverse transformation of [PathEscape],
    94  // converting each 3-byte encoded substring of the form "%AB" into the
    95  // hex-decoded byte 0xAB. It returns an error if any % is not followed
    96  // by two hexadecimal digits.
    97  //
    98  // PathUnescape is identical to [QueryUnescape] except that it does not
    99  // unescape '+' to ' ' (space).
   100  func PathUnescape(s string) (string, error) {
   101  	return unescape(s, encodePathSegment)
   102  }
   103  
   104  // unescape unescapes a string; the mode specifies
   105  // which section of the URL string is being unescaped.
   106  func unescape(s string, mode encoding) (string, error) {
   107  	// Count %, check that they're well-formed.
   108  	n := 0
   109  	hasPlus := false
   110  	for i := 0; i < len(s); {
   111  		switch s[i] {
   112  		case '%':
   113  			n++
   114  			if i+2 >= len(s) || !ishex(s[i+1]) || !ishex(s[i+2]) {
   115  				s = s[i:]
   116  				if len(s) > 3 {
   117  					s = s[:3]
   118  				}
   119  				return "", EscapeError(s)
   120  			}
   121  			// Per https://tools.ietf.org/html/rfc3986#page-21
   122  			// in the host component %-encoding can only be used
   123  			// for non-ASCII bytes.
   124  			// But https://tools.ietf.org/html/rfc6874#section-2
   125  			// introduces %25 being allowed to escape a percent sign
   126  			// in IPv6 scoped-address literals. Yay.
   127  			if mode == encodeHost && unhex(s[i+1]) < 8 && s[i:i+3] != "%25" {
   128  				return "", EscapeError(s[i : i+3])
   129  			}
   130  			if mode == encodeZone {
   131  				// RFC 6874 says basically "anything goes" for zone identifiers
   132  				// and that even non-ASCII can be redundantly escaped,
   133  				// but it seems prudent to restrict %-escaped bytes here to those
   134  				// that are valid host name bytes in their unescaped form.
   135  				// That is, you can use escaping in the zone identifier but not
   136  				// to introduce bytes you couldn't just write directly.
   137  				// But Windows puts spaces here! Yay.
   138  				v := unhex(s[i+1])<<4 | unhex(s[i+2])
   139  				if s[i:i+3] != "%25" && v != ' ' && shouldEscape(v, encodeHost) {
   140  					return "", EscapeError(s[i : i+3])
   141  				}
   142  			}
   143  			i += 3
   144  		case '+':
   145  			hasPlus = mode == encodeQueryComponent
   146  			i++
   147  		default:
   148  			if (mode == encodeHost || mode == encodeZone) && s[i] < 0x80 && shouldEscape(s[i], mode) {
   149  				return "", InvalidHostError(s[i : i+1])
   150  			}
   151  			i++
   152  		}
   153  	}
   154  
   155  	if n == 0 && !hasPlus {
   156  		return s, nil
   157  	}
   158  
   159  	var unescapedPlusSign byte
   160  	switch mode {
   161  	case encodeQueryComponent:
   162  		unescapedPlusSign = ' '
   163  	default:
   164  		unescapedPlusSign = '+'
   165  	}
   166  	var t strings.Builder
   167  	t.Grow(len(s) - 2*n)
   168  	for i := 0; i < len(s); i++ {
   169  		switch s[i] {
   170  		case '%':
   171  			// In the loop above, we established that unhex's precondition is
   172  			// fulfilled for both s[i+1] and s[i+2].
   173  			t.WriteByte(unhex(s[i+1])<<4 | unhex(s[i+2]))
   174  			i += 2
   175  		case '+':
   176  			t.WriteByte(unescapedPlusSign)
   177  		default:
   178  			t.WriteByte(s[i])
   179  		}
   180  	}
   181  	return t.String(), nil
   182  }
   183  
   184  // QueryEscape escapes the string so it can be safely placed
   185  // inside a [URL] query.
   186  func QueryEscape(s string) string {
   187  	return escape(s, encodeQueryComponent)
   188  }
   189  
   190  // PathEscape escapes the string so it can be safely placed inside a [URL] path segment,
   191  // replacing special characters (including /) with %XX sequences as needed.
   192  func PathEscape(s string) string {
   193  	return escape(s, encodePathSegment)
   194  }
   195  
   196  func escape(s string, mode encoding) string {
   197  	spaceCount, hexCount := 0, 0
   198  	for _, c := range []byte(s) {
   199  		if shouldEscape(c, mode) {
   200  			if c == ' ' && mode == encodeQueryComponent {
   201  				spaceCount++
   202  			} else {
   203  				hexCount++
   204  			}
   205  		}
   206  	}
   207  
   208  	if spaceCount == 0 && hexCount == 0 {
   209  		return s
   210  	}
   211  
   212  	var buf [64]byte
   213  	var t []byte
   214  
   215  	required := len(s) + 2*hexCount
   216  	if required <= len(buf) {
   217  		t = buf[:required]
   218  	} else {
   219  		t = make([]byte, required)
   220  	}
   221  
   222  	if hexCount == 0 {
   223  		copy(t, s)
   224  		for i := 0; i < len(s); i++ {
   225  			if s[i] == ' ' {
   226  				t[i] = '+'
   227  			}
   228  		}
   229  		return string(t)
   230  	}
   231  
   232  	j := 0
   233  	for _, c := range []byte(s) {
   234  		switch {
   235  		case c == ' ' && mode == encodeQueryComponent:
   236  			t[j] = '+'
   237  			j++
   238  		case shouldEscape(c, mode):
   239  			t[j] = '%'
   240  			t[j+1] = upperhex[c>>4]
   241  			t[j+2] = upperhex[c&15]
   242  			j += 3
   243  		default:
   244  			t[j] = c
   245  			j++
   246  		}
   247  	}
   248  	return string(t)
   249  }
   250  
   251  // A URL represents a parsed URL (technically, a URI reference).
   252  //
   253  // The general form represented is:
   254  //
   255  //	[scheme:][//[userinfo@]host][/]path[?query][#fragment]
   256  //
   257  // URLs that do not start with a slash after the scheme are interpreted as:
   258  //
   259  //	scheme:opaque[?query][#fragment]
   260  //
   261  // The Host field contains the host and port subcomponents of the URL.
   262  // When the port is present, it is separated from the host with a colon.
   263  // When the host is an IPv6 address, it must be enclosed in square brackets:
   264  // "[fe80::1]:80". The [net.JoinHostPort] function combines a host and port
   265  // into a string suitable for the Host field, adding square brackets to
   266  // the host when necessary.
   267  //
   268  // Note that the Path field is stored in decoded form: /%47%6f%2f becomes /Go/.
   269  // A consequence is that it is impossible to tell which slashes in the Path were
   270  // slashes in the raw URL and which were %2f. This distinction is rarely important,
   271  // but when it is, the code should use the [URL.EscapedPath] method, which preserves
   272  // the original encoding of Path. The Fragment field is also stored in decoded form,
   273  // use [URL.EscapedFragment] to retrieve the original encoding.
   274  //
   275  // The [URL.String] method uses the [URL.EscapedPath] method to obtain the path.
   276  type URL struct {
   277  	Scheme   string
   278  	Opaque   string    // encoded opaque data
   279  	User     *Userinfo // username and password information
   280  	Host     string    // "host" or "host:port" (see Hostname and Port methods)
   281  	Path     string    // path (relative paths may omit leading slash)
   282  	Fragment string    // fragment for references (without '#')
   283  
   284  	// RawQuery contains the encoded query values, without the initial '?'.
   285  	// Use URL.Query to decode the query.
   286  	RawQuery string
   287  
   288  	// RawPath is an optional field containing an encoded path hint.
   289  	// See the EscapedPath method for more details.
   290  	//
   291  	// In general, code should call EscapedPath instead of reading RawPath.
   292  	RawPath string
   293  
   294  	// RawFragment is an optional field containing an encoded fragment hint.
   295  	// See the EscapedFragment method for more details.
   296  	//
   297  	// In general, code should call EscapedFragment instead of reading RawFragment.
   298  	RawFragment string
   299  
   300  	// ForceQuery indicates whether the original URL contained a query ('?') character.
   301  	// When set, the String method will include a trailing '?', even when RawQuery is empty.
   302  	ForceQuery bool
   303  
   304  	// OmitHost indicates the URL has an empty host (authority).
   305  	// When set, the String method will not include the host when it is empty.
   306  	OmitHost bool
   307  }
   308  
   309  // User returns a [Userinfo] containing the provided username
   310  // and no password set.
   311  func User(username string) *Userinfo {
   312  	return &Userinfo{username, "", false}
   313  }
   314  
   315  // UserPassword returns a [Userinfo] containing the provided username
   316  // and password.
   317  //
   318  // This functionality should only be used with legacy web sites.
   319  // RFC 2396 warns that interpreting Userinfo this way
   320  // “is NOT RECOMMENDED, because the passing of authentication
   321  // information in clear text (such as URI) has proven to be a
   322  // security risk in almost every case where it has been used.”
   323  func UserPassword(username, password string) *Userinfo {
   324  	return &Userinfo{username, password, true}
   325  }
   326  
   327  // The Userinfo type is an immutable encapsulation of username and
   328  // password details for a [URL]. An existing Userinfo value is guaranteed
   329  // to have a username set (potentially empty, as allowed by RFC 2396),
   330  // and optionally a password.
   331  type Userinfo struct {
   332  	username    string
   333  	password    string
   334  	passwordSet bool
   335  }
   336  
   337  // Username returns the username.
   338  func (u *Userinfo) Username() string {
   339  	if u == nil {
   340  		return ""
   341  	}
   342  	return u.username
   343  }
   344  
   345  // Password returns the password in case it is set, and whether it is set.
   346  func (u *Userinfo) Password() (string, bool) {
   347  	if u == nil {
   348  		return "", false
   349  	}
   350  	return u.password, u.passwordSet
   351  }
   352  
   353  // String returns the encoded userinfo information in the standard form
   354  // of "username[:password]".
   355  func (u *Userinfo) String() string {
   356  	if u == nil {
   357  		return ""
   358  	}
   359  	s := escape(u.username, encodeUserPassword)
   360  	if u.passwordSet {
   361  		s += ":" + escape(u.password, encodeUserPassword)
   362  	}
   363  	return s
   364  }
   365  
   366  // Maybe rawURL is of the form scheme:path.
   367  // (Scheme must be [a-zA-Z][a-zA-Z0-9+.-]*)
   368  // If so, return scheme, path; else return "", rawURL.
   369  func getScheme(rawURL string) (scheme, path string, err error) {
   370  	for i := 0; i < len(rawURL); i++ {
   371  		c := rawURL[i]
   372  		switch {
   373  		case 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z':
   374  		// do nothing
   375  		case '0' <= c && c <= '9' || c == '+' || c == '-' || c == '.':
   376  			if i == 0 {
   377  				return "", rawURL, nil
   378  			}
   379  		case c == ':':
   380  			if i == 0 {
   381  				return "", "", errors.New("missing protocol scheme")
   382  			}
   383  			return rawURL[:i], rawURL[i+1:], nil
   384  		default:
   385  			// we have encountered an invalid character,
   386  			// so there is no valid scheme
   387  			return "", rawURL, nil
   388  		}
   389  	}
   390  	return "", rawURL, nil
   391  }
   392  
   393  // Parse parses a raw url into a [URL] structure.
   394  //
   395  // The url may be relative (a path, without a host) or absolute
   396  // (starting with a scheme). Trying to parse a hostname and path
   397  // without a scheme is invalid but may not necessarily return an
   398  // error, due to parsing ambiguities.
   399  func Parse(rawURL string) (*URL, error) {
   400  	// Cut off #frag
   401  	u, frag, _ := strings.Cut(rawURL, "#")
   402  	url, err := parse(u, false)
   403  	if err != nil {
   404  		return nil, &Error{"parse", u, err}
   405  	}
   406  	if frag == "" {
   407  		return url, nil
   408  	}
   409  	if err = url.setFragment(frag); err != nil {
   410  		return nil, &Error{"parse", rawURL, err}
   411  	}
   412  	return url, nil
   413  }
   414  
   415  // ParseRequestURI parses a raw url into a [URL] structure. It assumes that
   416  // url was received in an HTTP request, so the url is interpreted
   417  // only as an absolute URI or an absolute path.
   418  // The string url is assumed not to have a #fragment suffix.
   419  // (Web browsers strip #fragment before sending the URL to a web server.)
   420  func ParseRequestURI(rawURL string) (*URL, error) {
   421  	url, err := parse(rawURL, true)
   422  	if err != nil {
   423  		return nil, &Error{"parse", rawURL, err}
   424  	}
   425  	return url, nil
   426  }
   427  
   428  // parse parses a URL from a string in one of two contexts. If
   429  // viaRequest is true, the URL is assumed to have arrived via an HTTP request,
   430  // in which case only absolute URLs or path-absolute relative URLs are allowed.
   431  // If viaRequest is false, all forms of relative URLs are allowed.
   432  func parse(rawURL string, viaRequest bool) (*URL, error) {
   433  	var rest string
   434  	var err error
   435  
   436  	if stringContainsCTLByte(rawURL) {
   437  		return nil, errors.New("net/url: invalid control character in URL")
   438  	}
   439  
   440  	if rawURL == "" && viaRequest {
   441  		return nil, errors.New("empty url")
   442  	}
   443  	url := new(URL)
   444  
   445  	if rawURL == "*" {
   446  		url.Path = "*"
   447  		return url, nil
   448  	}
   449  
   450  	// Split off possible leading "http:", "mailto:", etc.
   451  	// Cannot contain escaped characters.
   452  	if url.Scheme, rest, err = getScheme(rawURL); err != nil {
   453  		return nil, err
   454  	}
   455  	url.Scheme = strings.ToLower(url.Scheme)
   456  
   457  	if strings.HasSuffix(rest, "?") && strings.Count(rest, "?") == 1 {
   458  		url.ForceQuery = true
   459  		rest = rest[:len(rest)-1]
   460  	} else {
   461  		rest, url.RawQuery, _ = strings.Cut(rest, "?")
   462  	}
   463  
   464  	if !strings.HasPrefix(rest, "/") {
   465  		if url.Scheme != "" {
   466  			// We consider rootless paths per RFC 3986 as opaque.
   467  			url.Opaque = rest
   468  			return url, nil
   469  		}
   470  		if viaRequest {
   471  			return nil, errors.New("invalid URI for request")
   472  		}
   473  
   474  		// Avoid confusion with malformed schemes, like cache_object:foo/bar.
   475  		// See golang.org/issue/16822.
   476  		//
   477  		// RFC 3986, §3.3:
   478  		// In addition, a URI reference (Section 4.1) may be a relative-path reference,
   479  		// in which case the first path segment cannot contain a colon (":") character.
   480  		if segment, _, _ := strings.Cut(rest, "/"); strings.Contains(segment, ":") {
   481  			// First path segment has colon. Not allowed in relative URL.
   482  			return nil, errors.New("first path segment in URL cannot contain colon")
   483  		}
   484  	}
   485  
   486  	if (url.Scheme != "" || !viaRequest && !strings.HasPrefix(rest, "///")) && strings.HasPrefix(rest, "//") {
   487  		var authority string
   488  		authority, rest = rest[2:], ""
   489  		if i := strings.Index(authority, "/"); i >= 0 {
   490  			authority, rest = authority[:i], authority[i:]
   491  		}
   492  		url.User, url.Host, err = parseAuthority(url.Scheme, authority)
   493  		if err != nil {
   494  			return nil, err
   495  		}
   496  	} else if url.Scheme != "" && strings.HasPrefix(rest, "/") {
   497  		// OmitHost is set to true when rawURL has an empty host (authority).
   498  		// See golang.org/issue/46059.
   499  		url.OmitHost = true
   500  	}
   501  
   502  	// Set Path and, optionally, RawPath.
   503  	// RawPath is a hint of the encoding of Path. We don't want to set it if
   504  	// the default escaping of Path is equivalent, to help make sure that people
   505  	// don't rely on it in general.
   506  	if err := url.setPath(rest); err != nil {
   507  		return nil, err
   508  	}
   509  	return url, nil
   510  }
   511  
   512  func parseAuthority(scheme, authority string) (user *Userinfo, host string, err error) {
   513  	i := strings.LastIndex(authority, "@")
   514  	if i < 0 {
   515  		host, err = parseHost(scheme, authority)
   516  	} else {
   517  		host, err = parseHost(scheme, authority[i+1:])
   518  	}
   519  	if err != nil {
   520  		return nil, "", err
   521  	}
   522  	if i < 0 {
   523  		return nil, host, nil
   524  	}
   525  	userinfo := authority[:i]
   526  	if !validUserinfo(userinfo) {
   527  		return nil, "", errors.New("net/url: invalid userinfo")
   528  	}
   529  	if !strings.Contains(userinfo, ":") {
   530  		if userinfo, err = unescape(userinfo, encodeUserPassword); err != nil {
   531  			return nil, "", err
   532  		}
   533  		user = User(userinfo)
   534  	} else {
   535  		username, password, _ := strings.Cut(userinfo, ":")
   536  		if username, err = unescape(username, encodeUserPassword); err != nil {
   537  			return nil, "", err
   538  		}
   539  		if password, err = unescape(password, encodeUserPassword); err != nil {
   540  			return nil, "", err
   541  		}
   542  		user = UserPassword(username, password)
   543  	}
   544  	return user, host, nil
   545  }
   546  
   547  // parseHost parses host as an authority without user
   548  // information. That is, as host[:port].
   549  func parseHost(scheme, host string) (string, error) {
   550  	if openBracketIdx := strings.LastIndex(host, "["); openBracketIdx > 0 {
   551  		return "", errors.New("invalid IP-literal")
   552  	} else if openBracketIdx == 0 {
   553  		// Parse an IP-Literal in RFC 3986 and RFC 6874.
   554  		// E.g., "[fe80::1]", "[fe80::1%25en0]", "[fe80::1]:80".
   555  		closeBracketIdx := strings.LastIndex(host, "]")
   556  		if closeBracketIdx < 0 {
   557  			return "", errors.New("missing ']' in host")
   558  		}
   559  
   560  		colonPort := host[closeBracketIdx+1:]
   561  		if !validOptionalPort(colonPort) {
   562  			return "", fmt.Errorf("invalid port %q after host", colonPort)
   563  		}
   564  		unescapedColonPort, err := unescape(colonPort, encodeHost)
   565  		if err != nil {
   566  			return "", err
   567  		}
   568  
   569  		hostname := host[openBracketIdx+1 : closeBracketIdx]
   570  		var unescapedHostname string
   571  		// RFC 6874 defines that %25 (%-encoded percent) introduces
   572  		// the zone identifier, and the zone identifier can use basically
   573  		// any %-encoding it likes. That's different from the host, which
   574  		// can only %-encode non-ASCII bytes.
   575  		// We do impose some restrictions on the zone, to avoid stupidity
   576  		// like newlines.
   577  		zoneIdx := strings.Index(hostname, "%25")
   578  		if zoneIdx >= 0 {
   579  			hostPart, err := unescape(hostname[:zoneIdx], encodeHost)
   580  			if err != nil {
   581  				return "", err
   582  			}
   583  			zonePart, err := unescape(hostname[zoneIdx:], encodeZone)
   584  			if err != nil {
   585  				return "", err
   586  			}
   587  			unescapedHostname = hostPart + zonePart
   588  		} else {
   589  			var err error
   590  			unescapedHostname, err = unescape(hostname, encodeHost)
   591  			if err != nil {
   592  				return "", err
   593  			}
   594  		}
   595  
   596  		// Per RFC 3986, only a host identified by a valid
   597  		// IPv6 address can be enclosed by square brackets.
   598  		// This excludes any IPv4, but notably not IPv4-mapped addresses.
   599  		addr, err := netip.ParseAddr(unescapedHostname)
   600  		if err != nil {
   601  			return "", fmt.Errorf("invalid host: %w", err)
   602  		}
   603  		if addr.Is4() {
   604  			return "", errors.New("invalid IP-literal")
   605  		}
   606  		return "[" + unescapedHostname + "]" + unescapedColonPort, nil
   607  	} else if i := strings.Index(host, ":"); i != -1 {
   608  		lastColon := strings.LastIndex(host, ":")
   609  		if lastColon != i {
   610  			if scheme == "postgresql" || scheme == "postgres" {
   611  				// PostgreSQL relies on non-RFC-3986 parsing to accept
   612  				// a comma-separated list of hosts (with optional ports)
   613  				// in the host subcomponent:
   614  				// https://www.postgresql.org/docs/11/libpq-connect.html#LIBPQ-MULTIPLE-HOSTS
   615  				//
   616  				// Since we historically permitted colons to appear in the host,
   617  				// continue to permit it for postgres:// URLs only.
   618  				// https://go.dev/issue/75223
   619  				i = lastColon
   620  			} else if urlstrictcolons.Value() == "0" {
   621  				urlstrictcolons.IncNonDefault()
   622  				i = lastColon
   623  			}
   624  		}
   625  		colonPort := host[i:]
   626  		if !validOptionalPort(colonPort) {
   627  			return "", fmt.Errorf("invalid port %q after host", colonPort)
   628  		}
   629  	}
   630  
   631  	var err error
   632  	if host, err = unescape(host, encodeHost); err != nil {
   633  		return "", err
   634  	}
   635  	return host, nil
   636  }
   637  
   638  // setPath sets the Path and RawPath fields of the URL based on the provided
   639  // escaped path p. It maintains the invariant that RawPath is only specified
   640  // when it differs from the default encoding of the path.
   641  // For example:
   642  // - setPath("/foo/bar")   will set Path="/foo/bar" and RawPath=""
   643  // - setPath("/foo%2fbar") will set Path="/foo/bar" and RawPath="/foo%2fbar"
   644  // setPath will return an error only if the provided path contains an invalid
   645  // escaping.
   646  //
   647  // setPath should be an internal detail,
   648  // but widely used packages access it using linkname.
   649  // Notable members of the hall of shame include:
   650  //   - github.com/sagernet/sing
   651  //
   652  // Do not remove or change the type signature.
   653  // See go.dev/issue/67401.
   654  //
   655  //go:linkname badSetPath net/url.(*URL).setPath
   656  func (u *URL) setPath(p string) error {
   657  	path, err := unescape(p, encodePath)
   658  	if err != nil {
   659  		return err
   660  	}
   661  	u.Path = path
   662  	if escp := escape(path, encodePath); p == escp {
   663  		// Default encoding is fine.
   664  		u.RawPath = ""
   665  	} else {
   666  		u.RawPath = p
   667  	}
   668  	return nil
   669  }
   670  
   671  // for linkname because we cannot linkname methods directly
   672  func badSetPath(*URL, string) error
   673  
   674  // EscapedPath returns the escaped form of u.Path.
   675  // In general there are multiple possible escaped forms of any path.
   676  // EscapedPath returns u.RawPath when it is a valid escaping of u.Path.
   677  // Otherwise EscapedPath ignores u.RawPath and computes an escaped
   678  // form on its own.
   679  // The [URL.String] and [URL.RequestURI] methods use EscapedPath to construct
   680  // their results.
   681  // In general, code should call EscapedPath instead of
   682  // reading u.RawPath directly.
   683  func (u *URL) EscapedPath() string {
   684  	if u.RawPath != "" && validEncoded(u.RawPath, encodePath) {
   685  		p, err := unescape(u.RawPath, encodePath)
   686  		if err == nil && p == u.Path {
   687  			return u.RawPath
   688  		}
   689  	}
   690  	if u.Path == "*" {
   691  		return "*" // don't escape (Issue 11202)
   692  	}
   693  	return escape(u.Path, encodePath)
   694  }
   695  
   696  // validEncoded reports whether s is a valid encoded path or fragment,
   697  // according to mode.
   698  // It must not contain any bytes that require escaping during encoding.
   699  func validEncoded(s string, mode encoding) bool {
   700  	for i := 0; i < len(s); i++ {
   701  		// RFC 3986, Appendix A.
   702  		// pchar = unreserved / pct-encoded / sub-delims / ":" / "@".
   703  		// shouldEscape is not quite compliant with the RFC,
   704  		// so we check the sub-delims ourselves and let
   705  		// shouldEscape handle the others.
   706  		switch s[i] {
   707  		case '!', '$', '&', '\'', '(', ')', '*', '+', ',', ';', '=', ':', '@':
   708  			// ok
   709  		case '[', ']':
   710  			// ok - not specified in RFC 3986 but left alone by modern browsers
   711  		case '%':
   712  			// ok - percent encoded, will decode
   713  		default:
   714  			if shouldEscape(s[i], mode) {
   715  				return false
   716  			}
   717  		}
   718  	}
   719  	return true
   720  }
   721  
   722  // setFragment is like setPath but for Fragment/RawFragment.
   723  func (u *URL) setFragment(f string) error {
   724  	frag, err := unescape(f, encodeFragment)
   725  	if err != nil {
   726  		return err
   727  	}
   728  	u.Fragment = frag
   729  	if escf := escape(frag, encodeFragment); f == escf {
   730  		// Default encoding is fine.
   731  		u.RawFragment = ""
   732  	} else {
   733  		u.RawFragment = f
   734  	}
   735  	return nil
   736  }
   737  
   738  // EscapedFragment returns the escaped form of u.Fragment.
   739  // In general there are multiple possible escaped forms of any fragment.
   740  // EscapedFragment returns u.RawFragment when it is a valid escaping of u.Fragment.
   741  // Otherwise EscapedFragment ignores u.RawFragment and computes an escaped
   742  // form on its own.
   743  // The [URL.String] method uses EscapedFragment to construct its result.
   744  // In general, code should call EscapedFragment instead of
   745  // reading u.RawFragment directly.
   746  func (u *URL) EscapedFragment() string {
   747  	if u.RawFragment != "" && validEncoded(u.RawFragment, encodeFragment) {
   748  		f, err := unescape(u.RawFragment, encodeFragment)
   749  		if err == nil && f == u.Fragment {
   750  			return u.RawFragment
   751  		}
   752  	}
   753  	return escape(u.Fragment, encodeFragment)
   754  }
   755  
   756  // validOptionalPort reports whether port is either an empty string
   757  // or matches /^:\d*$/
   758  func validOptionalPort(port string) bool {
   759  	if port == "" {
   760  		return true
   761  	}
   762  	if port[0] != ':' {
   763  		return false
   764  	}
   765  	for _, b := range port[1:] {
   766  		if b < '0' || b > '9' {
   767  			return false
   768  		}
   769  	}
   770  	return true
   771  }
   772  
   773  // String reassembles the [URL] into a valid URL string.
   774  // The general form of the result is one of:
   775  //
   776  //	scheme:opaque?query#fragment
   777  //	scheme://userinfo@host/path?query#fragment
   778  //
   779  // If u.Opaque is non-empty, String uses the first form;
   780  // otherwise it uses the second form.
   781  // Any non-ASCII characters in host are escaped.
   782  // To obtain the path, String uses u.EscapedPath().
   783  //
   784  // In the second form, the following rules apply:
   785  //   - if u.Scheme is empty, scheme: is omitted.
   786  //   - if u.User is nil, userinfo@ is omitted.
   787  //   - if u.Host is empty, host/ is omitted.
   788  //   - if u.Scheme and u.Host are empty and u.User is nil,
   789  //     the entire scheme://userinfo@host/ is omitted.
   790  //   - if u.Host is non-empty and u.Path begins with a /,
   791  //     the form host/path does not add its own /.
   792  //   - if u.RawQuery is empty, ?query is omitted.
   793  //   - if u.Fragment is empty, #fragment is omitted.
   794  func (u *URL) String() string {
   795  	var buf strings.Builder
   796  
   797  	n := len(u.Scheme)
   798  	if u.Opaque != "" {
   799  		n += len(u.Opaque)
   800  	} else {
   801  		if !u.OmitHost && (u.Scheme != "" || u.Host != "" || u.User != nil) {
   802  			username := u.User.Username()
   803  			password, _ := u.User.Password()
   804  			n += len(username) + len(password) + len(u.Host)
   805  		}
   806  		n += len(u.Path)
   807  	}
   808  	n += len(u.RawQuery) + len(u.RawFragment)
   809  	n += len(":" + "//" + "//" + ":" + "@" + "/" + "./" + "?" + "#")
   810  	buf.Grow(n)
   811  
   812  	if u.Scheme != "" {
   813  		buf.WriteString(u.Scheme)
   814  		buf.WriteByte(':')
   815  	}
   816  	if u.Opaque != "" {
   817  		buf.WriteString(u.Opaque)
   818  	} else {
   819  		if u.Scheme != "" || u.Host != "" || u.User != nil {
   820  			if u.OmitHost && u.Host == "" && u.User == nil {
   821  				// omit empty host
   822  			} else {
   823  				if u.Host != "" || u.Path != "" || u.User != nil {
   824  					buf.WriteString("//")
   825  				}
   826  				if ui := u.User; ui != nil {
   827  					buf.WriteString(ui.String())
   828  					buf.WriteByte('@')
   829  				}
   830  				if h := u.Host; h != "" {
   831  					buf.WriteString(escape(h, encodeHost))
   832  				}
   833  			}
   834  		}
   835  		path := u.EscapedPath()
   836  		if path != "" && path[0] != '/' && u.Host != "" {
   837  			buf.WriteByte('/')
   838  		}
   839  		if buf.Len() == 0 {
   840  			// RFC 3986 §4.2
   841  			// A path segment that contains a colon character (e.g., "this:that")
   842  			// cannot be used as the first segment of a relative-path reference, as
   843  			// it would be mistaken for a scheme name. Such a segment must be
   844  			// preceded by a dot-segment (e.g., "./this:that") to make a relative-
   845  			// path reference.
   846  			if segment, _, _ := strings.Cut(path, "/"); strings.Contains(segment, ":") {
   847  				buf.WriteString("./")
   848  			}
   849  		}
   850  		buf.WriteString(path)
   851  	}
   852  	if u.ForceQuery || u.RawQuery != "" {
   853  		buf.WriteByte('?')
   854  		buf.WriteString(u.RawQuery)
   855  	}
   856  	if u.Fragment != "" {
   857  		buf.WriteByte('#')
   858  		buf.WriteString(u.EscapedFragment())
   859  	}
   860  	return buf.String()
   861  }
   862  
   863  // Redacted is like [URL.String] but replaces any password with "xxxxx".
   864  // Only the password in u.User is redacted.
   865  func (u *URL) Redacted() string {
   866  	if u == nil {
   867  		return ""
   868  	}
   869  
   870  	ru := *u
   871  	if _, has := ru.User.Password(); has {
   872  		ru.User = UserPassword(ru.User.Username(), "xxxxx")
   873  	}
   874  	return ru.String()
   875  }
   876  
   877  // Values maps a string key to a list of values.
   878  // It is typically used for query parameters and form values.
   879  // Unlike in the http.Header map, the keys in a Values map
   880  // are case-sensitive.
   881  type Values map[string][]string
   882  
   883  // Get gets the first value associated with the given key.
   884  // If there are no values associated with the key, Get returns
   885  // the empty string. To access multiple values, use the map
   886  // directly.
   887  func (v Values) Get(key string) string {
   888  	vs := v[key]
   889  	if len(vs) == 0 {
   890  		return ""
   891  	}
   892  	return vs[0]
   893  }
   894  
   895  // Set sets the key to value. It replaces any existing
   896  // values.
   897  func (v Values) Set(key, value string) {
   898  	v[key] = []string{value}
   899  }
   900  
   901  // Add adds the value to key. It appends to any existing
   902  // values associated with key.
   903  func (v Values) Add(key, value string) {
   904  	v[key] = append(v[key], value)
   905  }
   906  
   907  // Del deletes the values associated with key.
   908  func (v Values) Del(key string) {
   909  	delete(v, key)
   910  }
   911  
   912  // Has checks whether a given key is set.
   913  func (v Values) Has(key string) bool {
   914  	_, ok := v[key]
   915  	return ok
   916  }
   917  
   918  // ParseQuery parses the URL-encoded query string and returns
   919  // a map listing the values specified for each key.
   920  // ParseQuery always returns a non-nil map containing all the
   921  // valid query parameters found; err describes the first decoding error
   922  // encountered, if any.
   923  //
   924  // Query is expected to be a list of key=value settings separated by ampersands.
   925  // A setting without an equals sign is interpreted as a key set to an empty
   926  // value.
   927  // Settings containing a non-URL-encoded semicolon are considered invalid.
   928  func ParseQuery(query string) (Values, error) {
   929  	m := make(Values)
   930  	err := parseQuery(m, query)
   931  	return m, err
   932  }
   933  
   934  var urlmaxqueryparams = godebug.New("urlmaxqueryparams")
   935  
   936  const defaultMaxParams = 10000
   937  
   938  func urlParamsWithinMax(params int) bool {
   939  	withinDefaultMax := params <= defaultMaxParams
   940  	if urlmaxqueryparams.Value() == "" {
   941  		return withinDefaultMax
   942  	}
   943  	customMax, err := strconv.Atoi(urlmaxqueryparams.Value())
   944  	if err != nil {
   945  		return withinDefaultMax
   946  	}
   947  	withinCustomMax := customMax == 0 || params < customMax
   948  	if withinDefaultMax != withinCustomMax {
   949  		urlmaxqueryparams.IncNonDefault()
   950  	}
   951  	return withinCustomMax
   952  }
   953  
   954  func parseQuery(m Values, query string) (err error) {
   955  	if !urlParamsWithinMax(strings.Count(query, "&") + 1) {
   956  		return errors.New("number of URL query parameters exceeded limit")
   957  	}
   958  	for query != "" {
   959  		var key string
   960  		key, query, _ = strings.Cut(query, "&")
   961  		if strings.Contains(key, ";") {
   962  			err = fmt.Errorf("invalid semicolon separator in query")
   963  			continue
   964  		}
   965  		if key == "" {
   966  			continue
   967  		}
   968  		key, value, _ := strings.Cut(key, "=")
   969  		key, err1 := QueryUnescape(key)
   970  		if err1 != nil {
   971  			if err == nil {
   972  				err = err1
   973  			}
   974  			continue
   975  		}
   976  		value, err1 = QueryUnescape(value)
   977  		if err1 != nil {
   978  			if err == nil {
   979  				err = err1
   980  			}
   981  			continue
   982  		}
   983  		m[key] = append(m[key], value)
   984  	}
   985  	return err
   986  }
   987  
   988  // Encode encodes the values into “URL encoded” form
   989  // ("bar=baz&foo=quux") sorted by key.
   990  func (v Values) Encode() string {
   991  	if len(v) == 0 {
   992  		return ""
   993  	}
   994  	var buf strings.Builder
   995  	// To minimize allocations, we eschew iterators and pre-size the slice in
   996  	// which we collect v's keys.
   997  	keys := make([]string, len(v))
   998  	var i int
   999  	for k := range v {
  1000  		keys[i] = k
  1001  		i++
  1002  	}
  1003  	slices.Sort(keys)
  1004  	for _, k := range keys {
  1005  		vs := v[k]
  1006  		keyEscaped := QueryEscape(k)
  1007  		for _, v := range vs {
  1008  			if buf.Len() > 0 {
  1009  				buf.WriteByte('&')
  1010  			}
  1011  			buf.WriteString(keyEscaped)
  1012  			buf.WriteByte('=')
  1013  			buf.WriteString(QueryEscape(v))
  1014  		}
  1015  	}
  1016  	return buf.String()
  1017  }
  1018  
  1019  // resolvePath applies special path segments from refs and applies
  1020  // them to base, per RFC 3986.
  1021  func resolvePath(base, ref string) string {
  1022  	var full string
  1023  	if ref == "" {
  1024  		full = base
  1025  	} else if ref[0] != '/' {
  1026  		i := strings.LastIndex(base, "/")
  1027  		full = base[:i+1] + ref
  1028  	} else {
  1029  		full = ref
  1030  	}
  1031  	if full == "" {
  1032  		return ""
  1033  	}
  1034  
  1035  	var (
  1036  		elem string
  1037  		dst  strings.Builder
  1038  	)
  1039  	first := true
  1040  	remaining := full
  1041  	// We want to return a leading '/', so write it now.
  1042  	dst.WriteByte('/')
  1043  	found := true
  1044  	for found {
  1045  		elem, remaining, found = strings.Cut(remaining, "/")
  1046  		if elem == "." {
  1047  			first = false
  1048  			// drop
  1049  			continue
  1050  		}
  1051  
  1052  		if elem == ".." {
  1053  			// Ignore the leading '/' we already wrote.
  1054  			str := dst.String()[1:]
  1055  			index := strings.LastIndexByte(str, '/')
  1056  
  1057  			dst.Reset()
  1058  			dst.WriteByte('/')
  1059  			if index == -1 {
  1060  				first = true
  1061  			} else {
  1062  				dst.WriteString(str[:index])
  1063  			}
  1064  		} else {
  1065  			if !first {
  1066  				dst.WriteByte('/')
  1067  			}
  1068  			dst.WriteString(elem)
  1069  			first = false
  1070  		}
  1071  	}
  1072  
  1073  	if elem == "." || elem == ".." {
  1074  		dst.WriteByte('/')
  1075  	}
  1076  
  1077  	// We wrote an initial '/', but we don't want two.
  1078  	r := dst.String()
  1079  	if len(r) > 1 && r[1] == '/' {
  1080  		r = r[1:]
  1081  	}
  1082  	return r
  1083  }
  1084  
  1085  // IsAbs reports whether the [URL] is absolute.
  1086  // Absolute means that it has a non-empty scheme.
  1087  func (u *URL) IsAbs() bool {
  1088  	return u.Scheme != ""
  1089  }
  1090  
  1091  // Parse parses a [URL] in the context of the receiver. The provided URL
  1092  // may be relative or absolute. Parse returns nil, err on parse
  1093  // failure, otherwise its return value is the same as [URL.ResolveReference].
  1094  func (u *URL) Parse(ref string) (*URL, error) {
  1095  	refURL, err := Parse(ref)
  1096  	if err != nil {
  1097  		return nil, err
  1098  	}
  1099  	return u.ResolveReference(refURL), nil
  1100  }
  1101  
  1102  // ResolveReference resolves a URI reference to an absolute URI from
  1103  // an absolute base URI u, per RFC 3986 Section 5.2. The URI reference
  1104  // may be relative or absolute. ResolveReference always returns a new
  1105  // [URL] instance, even if the returned URL is identical to either the
  1106  // base or reference. If ref is an absolute URL, then ResolveReference
  1107  // ignores base and returns a copy of ref.
  1108  func (u *URL) ResolveReference(ref *URL) *URL {
  1109  	url := *ref
  1110  	if ref.Scheme == "" {
  1111  		url.Scheme = u.Scheme
  1112  	}
  1113  	if ref.Scheme != "" || ref.Host != "" || ref.User != nil {
  1114  		// The "absoluteURI" or "net_path" cases.
  1115  		// We can ignore the error from setPath since we know we provided a
  1116  		// validly-escaped path.
  1117  		url.setPath(resolvePath(ref.EscapedPath(), ""))
  1118  		return &url
  1119  	}
  1120  	if ref.Opaque != "" {
  1121  		url.User = nil
  1122  		url.Host = ""
  1123  		url.Path = ""
  1124  		return &url
  1125  	}
  1126  	if ref.Path == "" && !ref.ForceQuery && ref.RawQuery == "" {
  1127  		url.RawQuery = u.RawQuery
  1128  		if ref.Fragment == "" {
  1129  			url.Fragment = u.Fragment
  1130  			url.RawFragment = u.RawFragment
  1131  		}
  1132  	}
  1133  	if ref.Path == "" && u.Opaque != "" {
  1134  		url.Opaque = u.Opaque
  1135  		url.User = nil
  1136  		url.Host = ""
  1137  		url.Path = ""
  1138  		return &url
  1139  	}
  1140  	// The "abs_path" or "rel_path" cases.
  1141  	url.Host = u.Host
  1142  	url.User = u.User
  1143  	url.setPath(resolvePath(u.EscapedPath(), ref.EscapedPath()))
  1144  	return &url
  1145  }
  1146  
  1147  // Query parses RawQuery and returns the corresponding values.
  1148  // It silently discards malformed value pairs.
  1149  // To check errors use [ParseQuery].
  1150  func (u *URL) Query() Values {
  1151  	v, _ := ParseQuery(u.RawQuery)
  1152  	return v
  1153  }
  1154  
  1155  // RequestURI returns the encoded path?query or opaque?query
  1156  // string that would be used in an HTTP request for u.
  1157  func (u *URL) RequestURI() string {
  1158  	result := u.Opaque
  1159  	if result == "" {
  1160  		result = u.EscapedPath()
  1161  		if result == "" {
  1162  			result = "/"
  1163  		}
  1164  	} else {
  1165  		if strings.HasPrefix(result, "//") {
  1166  			result = u.Scheme + ":" + result
  1167  		}
  1168  	}
  1169  	if u.ForceQuery || u.RawQuery != "" {
  1170  		result += "?" + u.RawQuery
  1171  	}
  1172  	return result
  1173  }
  1174  
  1175  // Hostname returns u.Host, stripping any valid port number if present.
  1176  //
  1177  // If the result is enclosed in square brackets, as literal IPv6 addresses are,
  1178  // the square brackets are removed from the result.
  1179  func (u *URL) Hostname() string {
  1180  	host, _ := splitHostPort(u.Host)
  1181  	return host
  1182  }
  1183  
  1184  // Port returns the port part of u.Host, without the leading colon.
  1185  //
  1186  // If u.Host doesn't contain a valid numeric port, Port returns an empty string.
  1187  func (u *URL) Port() string {
  1188  	_, port := splitHostPort(u.Host)
  1189  	return port
  1190  }
  1191  
  1192  // splitHostPort separates host and port. If the port is not valid, it returns
  1193  // the entire input as host, and it doesn't check the validity of the host.
  1194  // Unlike net.SplitHostPort, but per RFC 3986, it requires ports to be numeric.
  1195  func splitHostPort(hostPort string) (host, port string) {
  1196  	host = hostPort
  1197  
  1198  	colon := strings.LastIndexByte(host, ':')
  1199  	if colon != -1 && validOptionalPort(host[colon:]) {
  1200  		host, port = host[:colon], host[colon+1:]
  1201  	}
  1202  
  1203  	if strings.HasPrefix(host, "[") && strings.HasSuffix(host, "]") {
  1204  		host = host[1 : len(host)-1]
  1205  	}
  1206  
  1207  	return
  1208  }
  1209  
  1210  // Marshaling interface implementations.
  1211  // Would like to implement MarshalText/UnmarshalText but that will change the JSON representation of URLs.
  1212  
  1213  func (u *URL) MarshalBinary() (text []byte, err error) {
  1214  	return u.AppendBinary(nil)
  1215  }
  1216  
  1217  func (u *URL) AppendBinary(b []byte) ([]byte, error) {
  1218  	return append(b, u.String()...), nil
  1219  }
  1220  
  1221  func (u *URL) UnmarshalBinary(text []byte) error {
  1222  	u1, err := Parse(string(text))
  1223  	if err != nil {
  1224  		return err
  1225  	}
  1226  	*u = *u1
  1227  	return nil
  1228  }
  1229  
  1230  // JoinPath returns a new [URL] with the provided path elements joined to
  1231  // any existing path and the resulting path cleaned of any ./ or ../ elements.
  1232  // Any sequences of multiple / characters will be reduced to a single /.
  1233  // Path elements must already be in escaped form, as produced by [PathEscape].
  1234  func (u *URL) JoinPath(elem ...string) *URL {
  1235  	url, _ := u.joinPath(elem...)
  1236  	return url
  1237  }
  1238  
  1239  func (u *URL) joinPath(elem ...string) (*URL, error) {
  1240  	elem = append([]string{u.EscapedPath()}, elem...)
  1241  	var p string
  1242  	if !strings.HasPrefix(elem[0], "/") {
  1243  		// Return a relative path if u is relative,
  1244  		// but ensure that it contains no ../ elements.
  1245  		elem[0] = "/" + elem[0]
  1246  		p = path.Join(elem...)[1:]
  1247  	} else {
  1248  		p = path.Join(elem...)
  1249  	}
  1250  	// path.Join will remove any trailing slashes.
  1251  	// Preserve at least one.
  1252  	if strings.HasSuffix(elem[len(elem)-1], "/") && !strings.HasSuffix(p, "/") {
  1253  		p += "/"
  1254  	}
  1255  	url := *u
  1256  	err := url.setPath(p)
  1257  	return &url, err
  1258  }
  1259  
  1260  // validUserinfo reports whether s is a valid userinfo string per RFC 3986
  1261  // Section 3.2.1:
  1262  //
  1263  //	userinfo    = *( unreserved / pct-encoded / sub-delims / ":" )
  1264  //	unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"
  1265  //	sub-delims  = "!" / "$" / "&" / "'" / "(" / ")"
  1266  //	              / "*" / "+" / "," / ";" / "="
  1267  //
  1268  // It doesn't validate pct-encoded. The caller does that via func unescape.
  1269  func validUserinfo(s string) bool {
  1270  	for _, r := range s {
  1271  		if 'A' <= r && r <= 'Z' {
  1272  			continue
  1273  		}
  1274  		if 'a' <= r && r <= 'z' {
  1275  			continue
  1276  		}
  1277  		if '0' <= r && r <= '9' {
  1278  			continue
  1279  		}
  1280  		switch r {
  1281  		case '-', '.', '_', ':', '~', '!', '$', '&', '\'',
  1282  			'(', ')', '*', '+', ',', ';', '=', '%':
  1283  			continue
  1284  		case '@':
  1285  			// `RFC 3986 section 3.2.1` does not allow '@' in userinfo.
  1286  			// It is a delimiter between userinfo and host.
  1287  			// However, URLs are diverse, and in some cases,
  1288  			// the userinfo may contain an '@' character,
  1289  			// for example, in "http://username:p@ssword@google.com",
  1290  			// the string "username:p@ssword" should be treated as valid userinfo.
  1291  			// Ref:
  1292  			//   https://go.dev/issue/3439
  1293  			//   https://go.dev/issue/22655
  1294  			continue
  1295  		default:
  1296  			return false
  1297  		}
  1298  	}
  1299  	return true
  1300  }
  1301  
  1302  // stringContainsCTLByte reports whether s contains any ASCII control character.
  1303  func stringContainsCTLByte(s string) bool {
  1304  	for i := 0; i < len(s); i++ {
  1305  		b := s[i]
  1306  		if b < ' ' || b == 0x7f {
  1307  			return true
  1308  		}
  1309  	}
  1310  	return false
  1311  }
  1312  
  1313  // JoinPath returns a [URL] string with the provided path elements joined to
  1314  // the existing path of base and the resulting path cleaned of any ./ or ../ elements.
  1315  // Path elements must already be in escaped form, as produced by [PathEscape].
  1316  func JoinPath(base string, elem ...string) (result string, err error) {
  1317  	url, err := Parse(base)
  1318  	if err != nil {
  1319  		return
  1320  	}
  1321  	res, err := url.joinPath(elem...)
  1322  	if err != nil {
  1323  		return "", err
  1324  	}
  1325  	return res.String(), nil
  1326  }
  1327
View as plain text