aspnetcore: Route parameter with urlencoded slash. Inconsistency beetween TestServer and Kestrel behavior.

Ok, so SafeUnescaped is not what we need. Unescaped is pretty close except for %2f and %2e.

The %2e difference might actually be an issue in UrlDecoder rather than URI. In https://datatracker.ietf.org/doc/html/rfc3986/#section-5.2.4 it calls out /. and /./ as a special case where the segment should be removed. UrlDecoder handles the other special navigation case for /.. and /../ but not the single dot case. I’ll file a separate issue for that. Edit Nevermind, RemoveDotSegments is a separate step done by the server after decoding. We’ll revisit that if it becomes an issue. https://github.com/dotnet/aspnetcore/blob/52eff90fbcfca39b7eb58baad597df6a99a542b0/src/Servers/Kestrel/Core/src/Internal/Http/PathNormalizer.cs#L36

Yes, try using UrlDecoder in PathString. When working with the Uri overload of FromUriComponent you’ll want to start with SafeUnescaped and then apply the UrlDecoder.

PathString itself is a bit unsure on this implementation too, it says:

// REVIEW: what is the exactly correct thing to do?

Resolving that ambiguity is probably the best path forward.

Can you do a thorough comparison please? E.g. for a fully escaped input sequence of ascii bytes %00-%7F, what’s the current behavior of PathString.FromUriComponent (TestServer), UriFormat.SafeUnescaped, and Kestrel. Include the test setup code if possible.