URL.parse fails on valid query/path with single quote character

[hueniverse]

Parsing of URIs with valid single-quote character in path or query fails. For example:

http://x/path?message=that's&x=4#frag

RFC 3986 allows the following characters:

  pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"
  unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"
  sub-delims  = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="
  query       = *( pchar / "/" / "?" )

However the delims variable incorrectly includes single-quote which is allowed:

delims = ['<', '>', '"', '\'', '`', /\s/],

The delims variable is used here:

  // chop off any delim chars.
  if (!unsafeProtocol[lowerProto]) {
    var chop = rest.length;
    for (var i = 0, l = delims.length; i < l; i++) {
      var c = rest.indexOf(delims[i]);
      if (c !== -1) {
        chop = Math.min(c, chop);
      }
    }
    rest = rest.substr(0, chop);
    out.href += rest;
  }

Which is messing with the path, query, and fragment, even though that code was added to make the host parsing safe per issue 711.

I'm not sure what this code is actually for, but it is chopping off valid URI components if they include a legal single-quote.

[isaacs]

Got a patch that fixes this, and found a few other little nits while I was in there. Update forthcoming.