Consider not auto escaping single quote in url.js

[pofallon]

Commit 90802d6 closed issue #954 and also added auto escaping of single quotes in the url. I've come across cases where an unescaped single quote is a legitimate, expected part of the URL (see Azure API's here: http://msdn.microsoft.com/en-us/library/dd179387.aspx). Watching these Azure REST calls with fiddler2 on Windows (using a different Azure client) shows the URL's going through with the single quotes intact (not escaped).

Since (in the Azure example) the URL is also used in creating the Authentication http header, having the URL changed "under the covers" creates an authentication error because the URL (after being auto escaped) does not match the one used to calculate the Authentication header.

I've been able to work around the issue so far by escaping the single quotes myself (before creating the Authentication header) and this works with Azure. However (IMHO) the URL specified in 'request' (etc.) should be the same URL that goes out over the wire -- it's more predictable that way.

Thanks!

[ry]

@isaacs - maybe revert 90802d6 ?

[ry]

@isaacs can you please comment

[isaacs]

I'd say, let's not revert 90802d6, but it does make sense to not auto-escape single-quotes.

According to the spec, single-quotes are delimiters, and absolutely cannot appear unescaped in a url. On the other hand, every browser allows it, so we probably should as well.

[pofallon]

That would be great, thank you! (And thanks, too, for the heads-up about the spec -- I didn't know that).

[isaacs]

@pofallon This should be working as you originally requested on master/v0.8. Please comment here if I'm misunderstanding it. We decided to just go ahead and allow delimiters, but escape them, since that's what the browser does if you put a delimiter char in the url bar or in a <a href="...">.