fix: prevent dots from being URL-encoded in userinfo and add tests

Copilot · Byron · Byron · commit 1afa7a5de63c · 2025-12-02T08:06:20.000+01:00
Co-authored-by: Byron &lt;63622+Byron@users.noreply.github.com&gt;
diff --git a/gix-url/src/lib.rs b/gix-url/src/lib.rs
@@ -328,8 +328,37 @@ impl Url {
     }
 }
 
+/// Characters that must be percent-encoded in the userinfo component of a URL.
+///
+/// According to RFC 3986, userinfo can contain:
+/// - unreserved characters: `A-Z a-z 0-9 - . _ ~`
+/// - percent-encoded characters
+/// - sub-delims: `! $ & ' ( ) * + , ; =`
+/// - `:`
+///
+/// This encode set encodes everything else, particularly `@` (userinfo delimiter),
+/// `/` `?` `#` (path/query/fragment delimiters), and various other special characters.
+const USERINFO_ENCODE_SET: &percent_encoding::AsciiSet = &percent_encoding::CONTROLS
+    .add(b' ')
+    .add(b'"')
+    .add(b'#')
+    .add(b'%')
+    .add(b'/')
+    .add(b'<')
+    .add(b'>')
+    .add(b'?')
+    .add(b'@')
+    .add(b'[')
+    .add(b'\\')
+    .add(b']')
+    .add(b'^')
+    .add(b'`')
+    .add(b'{')
+    .add(b'|')
+    .add(b'}');
+
 fn percent_encode(s: &str) -> Cow<'_, str> {
-    percent_encoding::utf8_percent_encode(s, percent_encoding::NON_ALPHANUMERIC).into()
+    percent_encoding::utf8_percent_encode(s, USERINFO_ENCODE_SET).into()
 }
 
 /// Serialization
diff --git a/gix-url/tests/fixtures/make_baseline.sh b/gix-url/tests/fixtures/make_baseline.sh
@@ -52,6 +52,12 @@ done
 tests_windows+=("file://c:/repo")
 tests_windows+=("c:repo")
 
+# Test URLs with dots in usernames (gitbutler issue #11419)
+# Dots should not be percent-encoded in userinfo
+tests+=("ssh://user.name@host/repo")
+tests+=("git://user.name@host/repo")
+tests+=("user.name@host:repo")
+
 tests_unix+=("${tests[@]}")
 tests_windows+=("${tests[@]}")
 
diff --git a/gix-url/tests/url/parse/http.rs b/gix-url/tests/url/parse/http.rs
@@ -94,3 +94,27 @@ fn http_missing_path() -> crate::Result {
     assert_url("http://host.xz", url(Scheme::Http, None, "host.xz", None, b"/"))?;
     Ok(())
 }
+
+#[test]
+fn username_with_dot_is_not_percent_encoded() -> crate::Result {
+    assert_url_roundtrip(
+        "http://user.name@example.com/repo",
+        url(Scheme::Http, "user.name", "example.com", None, b"/repo"),
+    )
+}
+
+#[test]
+fn password_with_dot_is_not_percent_encoded() -> crate::Result {
+    assert_url_roundtrip(
+        "http://user:pass.word@example.com/repo",
+        url_with_pass(Scheme::Http, "user", "pass.word", "example.com", None, b"/repo"),
+    )
+}
+
+#[test]
+fn username_and_password_with_dots_are_not_percent_encoded() -> crate::Result {
+    assert_url_roundtrip(
+        "http://user.name:pass.word@example.com/repo",
+        url_with_pass(Scheme::Http, "user.name", "pass.word", "example.com", None, b"/repo"),
+    )
+}
diff --git a/gix-url/tests/url/parse/ssh.rs b/gix-url/tests/url/parse/ssh.rs
@@ -55,6 +55,14 @@ fn with_user_and_without_port() -> crate::Result {
     )
 }
 
+#[test]
+fn username_with_dot_is_not_percent_encoded() -> crate::Result {
+    assert_url_roundtrip(
+        "ssh://user.name@host.xz/.git",
+        url(Scheme::Ssh, "user.name", "host.xz", None, b"/.git"),
+    )
+}
+
 #[test]
 fn with_user_and_port_and_absolute_path() -> crate::Result {
     assert_url_roundtrip(

Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,14 @@ fn with_user_and_without_port() -> crate::Result {`
`55`	`55`	`)`
`56`	`56`	`}`
`57`	`57`
	`58`	`+#[test]`
	`59`	`+fn username_with_dot_is_not_percent_encoded() -> crate::Result {`
	`60`	`+ assert_url_roundtrip(`
	`61`	`+ "ssh://user.name@host.xz/.git",`
	`62`	`+ url(Scheme::Ssh, "user.name", "host.xz", None, b"/.git"),`
	`63`	`+ )`
	`64`	`+}`
	`65`	`+`
`58`	`66`	`#[test]`
`59`	`67`	`fn with_user_and_port_and_absolute_path() -> crate::Result {`
`60`	`68`	`assert_url_roundtrip(`