author | brettw@google.com <brettw@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-12-02 15:45:24 +0000 |
---|---|---|
committer | brettw@google.com <brettw@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-12-02 15:45:24 +0000 |
commit | 84d64a355095f53c5c6ed4c2c8c9760124928029 (patch) | |
tree | 27fd02906059c122ff4717090b5689d5749ca795 /net/base/net_util.cc | |
parent | d1b0115733bb0d3687c65d810d3396f3470dd83b (diff) | |
Don't unescape characters that can change the meaning of a URL. I removed the set of characters labeled PASS in url_canon_path.cc from the characters we'll unescape for URLs. Since there is no canonical meaning for these characters, this transformation can cause problems for certain servers.
I updated the escape tests to use a different character so the test works like before (I no longer unescape semicolon).
When I fixed this, I realized I broke the content disposition filename unescaping. It was using URL unescaping rules which I think is incorrect for filenames in headers, so I added the "also unescape URL special characters" flag to the unescape call that this function uses.
TEST=updated unit tests
BUG=64732
Review URL: http://codereview.chromium.org/5376007
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@68011 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/net_util.cc')
-rw-r--r-- | net/base/net_util.cc | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/base/net_util.cc b/net/base/net_util.cc index 06432d9..d032d8a 100644 --- a/net/base/net_util.cc +++ b/net/base/net_util.cc @@ -1140,7 +1140,9 @@ std::string GetFileNameFromCD(const std::string& header, // RFC 5987 value should be ASCII-only. if (!IsStringASCII(value)) return std::string(); - std::string tmp = UnescapeURLComponent(value, UnescapeRule::SPACES); + std::string tmp = UnescapeURLComponent( + value, + UnescapeRule::SPACES | UnescapeRule::URL_SPECIAL_CHARS); if (base::ConvertToUtf8AndNormalize(tmp, charset, &decoded)) return decoded; } |
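Review bot: The new `UnescapeRule::SPACES | UnescapeRule::URL_SPECIAL_CHARS` argument in the RFC 5987 branch of GetFileNameFromCD has no comment explaining why a header filename is decoded with broader rules than a URL, so a later reader could narrow it back to `SPACES` and reintroduce the breakage the commit message describes. A one-line comment above the call would cover it. Because this branch returns `decoded` straight after `ConvertToUtf8AndNormalize`, it is also worth confirming that callers sanitize the returned name before using it as a file name, since escaped URL special characters in the header value now come through unescaped and nothing in the visible lines filters them.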