|Subject:||URI::Escape::uri_escape() default $unsafe chars outdated -- "unreserved" definition was changed in RFC 3986|
The default set of safe characters of URI::Escape::uri_escape() is [A-Za-z0-9\-_.!~*'()]. This corresponds to the set of characters procuded by the "unreserved" grammar element in RFC 2396. RFC 2396, however, has been replaced by RFC 3986 in January 2005, and the definition of the "unreserved" characters has deliberately been changed (see <rfc2396bis-04.html#changes>, search for "uric") from [A-Za-z0-9\- _.!~*'()] to [A-Za-z0-9\-._~], i.e. the characters [!*'()] are no longer "unreserved". The URI::Escape::uri_escape() default list of safe/unsage characters should be adjusted to match the updated definition.