code review 3910042: http: fix scheme-relative URL parsing; add ParseRequestURL

src/pkg/http/url.go

 // Copyright 2009 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
 // Parse URLs (actually URIs, but that seems overly pedantic).
 // RFC 3986
 
 package http
 
 import (
@@ skipping 382 matching lines @@
         url = new(URL)
         url.Raw = rawurl
 
         // Split off possible leading "http:", "mailto:", etc.
         // Cannot contain escaped characters.
         var path string
         if url.Scheme, path, err = getscheme(rawurl); err != nil {
                 goto Error
         }
 
-        if url.Scheme != "" && (len(path) == 0 || path[0] != '/') {
+        if url.Scheme != "" && !strings.HasPrefix(path, "/") {
                 // RFC 2396:
                 // Absolute URI (has scheme) with non-rooted path
                 // is uninterpreted.  It doesn't even have a ?query.
                 // This is the case that handles mailto:name@example.com.
                 url.RawPath = path
 
                 if url.Path, err = urlUnescape(path, encodeOpaque); err != nil {
                         goto Error
                 }
                 url.OpaquePath = true
         } else {
                 // Split off query before parsing path further.
                 url.RawPath = path
                 path, query := split(path, '?', false)
                 if len(query) > 1 {
                         url.RawQuery = query[1:]
                 }
 
                 // Maybe path is //authority/path
-                if url.Scheme != "" && len(path) > 2 && path[0:2] == "//" {
+                if strings.HasPrefix(path, "//") && !strings.HasPrefix(path, "///") {
                         url.RawAuthority, path = split(path[2:], '/', false)
                         url.RawPath = url.RawPath[2+len(url.RawAuthority):]
                 }
 
                 // Split authority into userinfo@host.
                 // If there's no @, split's default is wrong.  Check explicitly.
                 var rawHost string
                 if strings.Index(url.RawAuthority, "@") < 0 {
                         rawHost = url.RawAuthority
                 } else {
@@ skipping 86 matching lines @@
 func EncodeQuery(m map[string][]string) string {
         parts := make([]string, 0, len(m)) // will be large enough for most uses
         for k, vs := range m {
                 prefix := URLEscape(k) + "="
                 for _, v := range vs {
                         parts = append(parts, prefix+URLEscape(v))
                 }
         }
         return strings.Join(parts, "&")
 }
+
+// cleanURLForRequest cleans URLs as parsed from ReadRequest.

[rsc, 2011/01/11 16:08:22]

I agree with adg that this code should be in ReadRequest,
maybe even inlined.  The comment that would help me would be:

// ParseURL interprets //foo as a scheme-relative URL, but
// in an HTTP request //foo is just a path.  Convert.

+// ReadRequest uses ParseURL which accepts a superset of URL formats
+// which are valid for web requests (scheme-relative URLs, for example)
+// Ideally ReadRequest should use a different parse function for HTTP
+// serving context, but for now we'll just fix it up here.
+func cleanURLForHTTPRequest(url *URL) {

[adg, 2011/01/11 02:44:56]

I'm a little uncomfortable with the naming and location of this function. At the
very least it should have a TODO comment, and perhaps it should be in request.go
instead.

The comment doesn't really explain what it does, only what it is for. Maybe
that's why I find it confusing.

+        if url.Scheme == "" && url.RawAuthority != "" {
+                prefix := "//" + url.RawAuthority
+                url.Host = ""
+                url.RawAuthority = ""
+                url.RawUserinfo = ""
+                url.Path = prefix + url.Path
+                url.RawPath = prefix + url.RawPath
+        }
+}