percent-encode U+007F in cannot-be-a-base-URL path and fragment states

According to the URL specification [1], several parts of a parsed url
must UTF-8 percent-encoded supersets of the C0 control percent encode
set [2]. However, Blink does not do that for U+007F DELETE in the
cannot-be-a-base-URL path and fragment states [3] [4]. This CL fixes
that and also adds URL WPT tests for various URL percent-encoding
cases.

You can find more details on the Chrome status entry [5] and
intent-to-ship thread [6].

[1] https://url.spec.whatwg.org/#concept-basic-url-parser
[2] https://url.spec.whatwg.org/#c0-control-percent-encode-set
[3] https://url.spec.whatwg.org/#cannot-be-a-base-url-path-state
[4] https://url.spec.whatwg.org/#fragment-state
[5] https://chromestatus.com/feature/5651438652882944
[6] https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/en6buycTcKQ

Bug: 809852
Change-Id: I9c75224a537f09a5b41ca7e9295f2a3bf7fad061
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2324425Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Dominick Ng <dominickn@chromium.org>
Commit-Queue: Frédéric Wang <fwang@igalia.com>
Cr-Commit-Position: refs/heads/master@{#796734}

chrome/browser/custom_handlers/protocol_handler_registry_unittest.cc

@@ -993,21 +993,18 @@ TEST_F(ProtocolHandlerRegistryTest, TestURIPercentEncoding) {
                                  "url=web%2Bcustom%3A%2F%2Fcustom%2F%3C%3E%60%"
                                  "7B%7D%23%3F%22'%25F0%259F%2598%2582"));
 
-  // C0 characters. GURL constructor encodes U+001F as "%1F" first, because
-  // U+001F is an illegal char. Then the protocol handler translator encodes it
-  // to "%251F" again. That's why the expected result has double-encoded URL.
+  // ASCII characters from the C0 controls percent-encode set.
+  // GURL constructor encodes U+001F and U+007F as "%1F" and "%7F" first,
+  // Then the protocol handler translator encodes them to "%25%1F" and "%25%7F"
+  // again. That's why the expected result has double-encoded URL.
   translated_url = ph.TranslateUrl(GURL("web+custom://custom/\x1fhandler"));
   ASSERT_EQ(
       translated_url,
       GURL("https://test.com/url=web%2Bcustom%3A%2F%2Fcustom%2F%251Fhandler"));
-
-  // Control characters.
-  // TODO(crbug.com/809852): Check why non-special URLs don't encode any
-  // characters above U+001F.
   translated_url = ph.TranslateUrl(GURL("web+custom://custom/\x7Fhandler"));
   ASSERT_EQ(
       translated_url,
-      GURL("https://test.com/url=web%2Bcustom%3A%2F%2Fcustom%2F%7Fhandler"));
+      GURL("https://test.com/url=web%2Bcustom%3A%2F%2Fcustom%2F%257Fhandler"));
 
   // Path percent-encode set.
   translated_url =

third_party/blink/web_tests/external/wpt/url/resources/urltestdata.json

@@ -6986,5 +6986,51 @@
     "pathname": "/",
     "search": "",
     "hash": "#link"
+  },
+  "UTF-8 percent-encode of C0 control percent-encode set and supersets",
+  {
+    "input": "non-special:cannot-be-a-base-url-\u0000\u0001\u001F\u001E\u007E\u007F\u0080",
+    "base": "about:blank",
+    "hash": "",
+    "host": "",
+    "hostname": "",
+    "href": "non-special:cannot-be-a-base-url-%00%01%1F%1E~%7F%C2%80",
+    "origin": "null",
+    "password": "",
+    "pathname": "cannot-be-a-base-url-%00%01%1F%1E~%7F%C2%80",
+    "port": "",
+    "protocol": "non-special:",
+    "search": "",
+    "username": ""
+  },
+  {
+    "input": "https://www.example.com/path{\u007Fpath.html?query'\u007F=query#fragment<\u007Ffragment",
+    "base": "about:blank",
+    "hash": "#fragment%3C%7Ffragment",
+    "host": "www.example.com",
+    "hostname": "www.example.com",
+    "href": "https://www.example.com/path%7B%7Fpath.html?query%27%7F=query#fragment%3C%7Ffragment",
+    "origin": "https://www.example.com",
+    "password": "",
+    "pathname": "/path%7B%7Fpath.html",
+    "port": "",
+    "protocol": "https:",
+    "search": "?query%27%7F=query",
+    "username": ""
+  },
+  {
+    "input": "https://user:pass[\u007F@foo/bar",
+    "base": "http://example.org",
+    "hash": "",
+    "host": "foo",
+    "hostname": "foo",
+    "href": "https://user:pass%5B%7F@foo/bar",
+    "origin": "https://foo",
+    "password": "pass%5B%7F",
+    "pathname": "/bar",
+    "port": "",
+    "protocol": "https:",
+    "search": "",
+    "username": "user"
   }
 ]

third_party/blink/web_tests/platform/linux/external/wpt/url/a-element-expected.txt

 This is a testharness.js-based test.
-Found 545 tests; 347 PASS, 198 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 548 tests; 350 PASS, 198 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Parsing: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -555,5 +555,8 @@ FAIL Parsing: <file://­/p> against <about:blank> assert_equals: failure should
 PASS Parsing: <file://%C2%AD/p> against <about:blank>
 FAIL Parsing: <file://xn--/p> against <about:blank> assert_unreached: Expected URL to fail parsing Reached unreachable code
 PASS Parsing: <#link> against <https://example.org/##link>
+PASS Parsing: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Parsing: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Parsing: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/linux/external/wpt/url/a-element-origin-expected.txt

 This is a testharness.js-based test.
-Found 305 tests; 300 PASS, 5 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 308 tests; 303 PASS, 5 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Parsing origin: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -314,5 +314,8 @@ PASS Parsing origin: <ldap://localhost:389/ou=People,o=JNDITutorial> against <ab
 PASS Parsing origin: <git+https://github.com/foo/bar> against <about:blank>
 PASS Parsing origin: <urn:ietf:rfc:2648> against <about:blank>
 PASS Parsing origin: <tag:joe@example.org,2001:foo/bar> against <about:blank>
+PASS Parsing origin: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Parsing origin: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Parsing origin: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/linux/external/wpt/url/a-element-origin-xhtml-expected.txt

 This is a testharness.js-based test.
-Found 305 tests; 300 PASS, 5 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 308 tests; 303 PASS, 5 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Parsing origin: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -314,5 +314,8 @@ PASS Parsing origin: <ldap://localhost:389/ou=People,o=JNDITutorial> against <ab
 PASS Parsing origin: <git+https://github.com/foo/bar> against <about:blank>
 PASS Parsing origin: <urn:ietf:rfc:2648> against <about:blank>
 PASS Parsing origin: <tag:joe@example.org,2001:foo/bar> against <about:blank>
+PASS Parsing origin: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Parsing origin: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Parsing origin: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/linux/external/wpt/url/a-element-xhtml-expected.txt

 This is a testharness.js-based test.
-Found 545 tests; 347 PASS, 198 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 548 tests; 350 PASS, 198 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Parsing: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -555,5 +555,8 @@ FAIL Parsing: <file://­/p> against <about:blank> assert_equals: failure should
 PASS Parsing: <file://%C2%AD/p> against <about:blank>
 FAIL Parsing: <file://xn--/p> against <about:blank> assert_unreached: Expected URL to fail parsing Reached unreachable code
 PASS Parsing: <#link> against <https://example.org/##link>
+PASS Parsing: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Parsing: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Parsing: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/linux/external/wpt/url/url-constructor-expected.txt

 This is a testharness.js-based test.
-Found 545 tests; 417 PASS, 128 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 548 tests; 420 PASS, 128 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Parsing: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -609,5 +609,8 @@ FAIL Parsing: <file://xn--/p> against <about:blank> assert_throws_js: function "
           bURL(expected.input, expected.base)
         }" did not throw
 PASS Parsing: <#link> against <https://example.org/##link>
+PASS Parsing: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Parsing: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Parsing: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/linux/external/wpt/url/url-origin-expected.txt

 This is a testharness.js-based test.
-Found 305 tests; 297 PASS, 8 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 308 tests; 300 PASS, 8 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Origin parsing: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -314,5 +314,8 @@ PASS Origin parsing: <ldap://localhost:389/ou=People,o=JNDITutorial> against <ab
 PASS Origin parsing: <git+https://github.com/foo/bar> against <about:blank>
 PASS Origin parsing: <urn:ietf:rfc:2648> against <about:blank>
 PASS Origin parsing: <tag:joe@example.org,2001:foo/bar> against <about:blank>
+PASS Origin parsing: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Origin parsing: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Origin parsing: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/linux/external/wpt/url/url-setters-expected.txt

@@ -563,11 +563,11 @@ PASS URL: Setting <https://example.net>.search = ''
 PASS <a>: Setting <https://example.net>.search = ''
 PASS <area>: Setting <https://example.net>.search = ''
 FAIL URL: Setting <a:/>.search = '\0
	
-\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' UTF-8 percent encoding with the query encode set. Tabs and newlines are removed. assert_equals: expected "a:/?%00%01%1F%20!%22%23$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/?%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%C2%80%C2%81%C3%89%C3%A9"
+\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' UTF-8 percent encoding with the query encode set. Tabs and newlines are removed. assert_equals: expected "a:/?%00%01%1F%20!%22%23$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/?%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9"
 FAIL <a>: Setting <a:/>.search = '\0
	
-\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' UTF-8 percent encoding with the query encode set. Tabs and newlines are removed. assert_equals: expected "a:/?%00%01%1F%20!%22%23$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/?%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%C2%80%C2%81%C3%89%C3%A9"
+\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' UTF-8 percent encoding with the query encode set. Tabs and newlines are removed. assert_equals: expected "a:/?%00%01%1F%20!%22%23$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/?%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9"
 FAIL <area>: Setting <a:/>.search = '\0
	
-\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' UTF-8 percent encoding with the query encode set. Tabs and newlines are removed. assert_equals: expected "a:/?%00%01%1F%20!%22%23$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/?%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%C2%80%C2%81%C3%89%C3%A9"
+\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' UTF-8 percent encoding with the query encode set. Tabs and newlines are removed. assert_equals: expected "a:/?%00%01%1F%20!%22%23$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/?%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9"
 PASS URL: Setting <http://example.net>.search = '%c3%89té' Bytes already percent-encoded are left as-is
 PASS <a>: Setting <http://example.net>.search = '%c3%89té' Bytes already percent-encoded are left as-is
 PASS <area>: Setting <http://example.net>.search = '%c3%89té' Bytes already percent-encoded are left as-is
@@ -605,11 +605,11 @@ PASS URL: Setting <http://example.net>.hash = '#foo`bar'
 PASS <a>: Setting <http://example.net>.hash = '#foo`bar'
 PASS <area>: Setting <http://example.net>.hash = '#foo`bar'
 FAIL URL: Setting <a:/>.hash = '\0
	
-\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/#%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%C2%80%C2%81%C3%89%C3%A9"
+\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/#%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9"
 FAIL <a>: Setting <a:/>.hash = '\0
	
-\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/#%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%C2%80%C2%81%C3%89%C3%A9"
+\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/#%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9"
 FAIL <area>: Setting <a:/>.hash = '\0
	
-\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/#%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%C2%80%C2%81%C3%89%C3%A9"
+\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/#%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9"
 FAIL URL: Setting <http://example.net>.hash = 'a\0b' Percent-encode NULLs in fragment assert_equals: expected "http://example.net/#a%00b" but got "http://example.net/#ab"
 FAIL <a>: Setting <http://example.net>.hash = 'a\0b' Percent-encode NULLs in fragment assert_equals: expected "http://example.net/#a%00b" but got "http://example.net/#ab"
 FAIL <area>: Setting <http://example.net>.hash = 'a\0b' Percent-encode NULLs in fragment assert_equals: expected "http://example.net/#a%00b" but got "http://example.net/#ab"

third_party/blink/web_tests/platform/mac/external/wpt/url/a-element-expected.txt

 This is a testharness.js-based test.
-Found 545 tests; 347 PASS, 198 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 548 tests; 350 PASS, 198 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Parsing: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -555,5 +555,8 @@ FAIL Parsing: <file://­/p> against <about:blank> assert_equals: failure should
 PASS Parsing: <file://%C2%AD/p> against <about:blank>
 FAIL Parsing: <file://xn--/p> against <about:blank> assert_unreached: Expected URL to fail parsing Reached unreachable code
 PASS Parsing: <#link> against <https://example.org/##link>
+PASS Parsing: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Parsing: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Parsing: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/mac/external/wpt/url/a-element-origin-expected.txt

 This is a testharness.js-based test.
-Found 305 tests; 300 PASS, 5 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 308 tests; 303 PASS, 5 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Parsing origin: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -314,5 +314,8 @@ PASS Parsing origin: <ldap://localhost:389/ou=People,o=JNDITutorial> against <ab
 PASS Parsing origin: <git+https://github.com/foo/bar> against <about:blank>
 PASS Parsing origin: <urn:ietf:rfc:2648> against <about:blank>
 PASS Parsing origin: <tag:joe@example.org,2001:foo/bar> against <about:blank>
+PASS Parsing origin: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Parsing origin: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Parsing origin: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/mac/external/wpt/url/a-element-origin-xhtml-expected.txt

 This is a testharness.js-based test.
-Found 305 tests; 300 PASS, 5 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 308 tests; 303 PASS, 5 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Parsing origin: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -314,5 +314,8 @@ PASS Parsing origin: <ldap://localhost:389/ou=People,o=JNDITutorial> against <ab
 PASS Parsing origin: <git+https://github.com/foo/bar> against <about:blank>
 PASS Parsing origin: <urn:ietf:rfc:2648> against <about:blank>
 PASS Parsing origin: <tag:joe@example.org,2001:foo/bar> against <about:blank>
+PASS Parsing origin: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Parsing origin: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Parsing origin: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/mac/external/wpt/url/a-element-xhtml-expected.txt

 This is a testharness.js-based test.
-Found 545 tests; 347 PASS, 198 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 548 tests; 350 PASS, 198 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Parsing: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -555,5 +555,8 @@ FAIL Parsing: <file://­/p> against <about:blank> assert_equals: failure should
 PASS Parsing: <file://%C2%AD/p> against <about:blank>
 FAIL Parsing: <file://xn--/p> against <about:blank> assert_unreached: Expected URL to fail parsing Reached unreachable code
 PASS Parsing: <#link> against <https://example.org/##link>
+PASS Parsing: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Parsing: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Parsing: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/mac/external/wpt/url/url-constructor-expected.txt

 This is a testharness.js-based test.
-Found 545 tests; 417 PASS, 128 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 548 tests; 420 PASS, 128 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Parsing: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -609,5 +609,8 @@ FAIL Parsing: <file://xn--/p> against <about:blank> assert_throws_js: function "
           bURL(expected.input, expected.base)
         }" did not throw
 PASS Parsing: <#link> against <https://example.org/##link>
+PASS Parsing: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Parsing: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Parsing: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/mac/external/wpt/url/url-origin-expected.txt

 This is a testharness.js-based test.
-Found 305 tests; 297 PASS, 8 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 308 tests; 300 PASS, 8 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Origin parsing: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -314,5 +314,8 @@ PASS Origin parsing: <ldap://localhost:389/ou=People,o=JNDITutorial> against <ab
 PASS Origin parsing: <git+https://github.com/foo/bar> against <about:blank>
 PASS Origin parsing: <urn:ietf:rfc:2648> against <about:blank>
 PASS Origin parsing: <tag:joe@example.org,2001:foo/bar> against <about:blank>
+PASS Origin parsing: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Origin parsing: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Origin parsing: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/mac/external/wpt/url/url-setters-expected.txt

@@ -563,11 +563,11 @@ PASS URL: Setting <https://example.net>.search = ''
 PASS <a>: Setting <https://example.net>.search = ''
 PASS <area>: Setting <https://example.net>.search = ''
 FAIL URL: Setting <a:/>.search = '\0
	
-\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' UTF-8 percent encoding with the query encode set. Tabs and newlines are removed. assert_equals: expected "a:/?%00%01%1F%20!%22%23$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/?%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%C2%80%C2%81%C3%89%C3%A9"
+\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' UTF-8 percent encoding with the query encode set. Tabs and newlines are removed. assert_equals: expected "a:/?%00%01%1F%20!%22%23$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/?%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9"
 FAIL <a>: Setting <a:/>.search = '\0
	
-\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' UTF-8 percent encoding with the query encode set. Tabs and newlines are removed. assert_equals: expected "a:/?%00%01%1F%20!%22%23$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/?%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%C2%80%C2%81%C3%89%C3%A9"
+\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' UTF-8 percent encoding with the query encode set. Tabs and newlines are removed. assert_equals: expected "a:/?%00%01%1F%20!%22%23$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/?%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9"
 FAIL <area>: Setting <a:/>.search = '\0
	
-\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' UTF-8 percent encoding with the query encode set. Tabs and newlines are removed. assert_equals: expected "a:/?%00%01%1F%20!%22%23$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/?%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%C2%80%C2%81%C3%89%C3%A9"
+\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' UTF-8 percent encoding with the query encode set. Tabs and newlines are removed. assert_equals: expected "a:/?%00%01%1F%20!%22%23$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/?%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9"
 PASS URL: Setting <http://example.net>.search = '%c3%89té' Bytes already percent-encoded are left as-is
 PASS <a>: Setting <http://example.net>.search = '%c3%89té' Bytes already percent-encoded are left as-is
 PASS <area>: Setting <http://example.net>.search = '%c3%89té' Bytes already percent-encoded are left as-is
@@ -605,11 +605,11 @@ PASS URL: Setting <http://example.net>.hash = '#foo`bar'
 PASS <a>: Setting <http://example.net>.hash = '#foo`bar'
 PASS <area>: Setting <http://example.net>.hash = '#foo`bar'
 FAIL URL: Setting <a:/>.hash = '\0
	
-\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/#%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%C2%80%C2%81%C3%89%C3%A9"
+\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/#%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9"
 FAIL <a>: Setting <a:/>.hash = '\0
	
-\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/#%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%C2%80%C2%81%C3%89%C3%A9"
+\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/#%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9"
 FAIL <area>: Setting <a:/>.hash = '\0
	
-\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/#%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%C2%80%C2%81%C3%89%C3%A9"
+\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "a:/#%00%01%09%0A%0D%1F !\"#$%&'()*+,-./09:;<=>?@AZ[\\]^_`az{|}~%7F%C2%80%C2%81%C3%89%C3%A9"
 FAIL URL: Setting <http://example.net>.hash = 'a\0b' Percent-encode NULLs in fragment assert_equals: expected "http://example.net/#a%00b" but got "http://example.net/#ab"
 FAIL <a>: Setting <http://example.net>.hash = 'a\0b' Percent-encode NULLs in fragment assert_equals: expected "http://example.net/#a%00b" but got "http://example.net/#ab"
 FAIL <area>: Setting <http://example.net>.hash = 'a\0b' Percent-encode NULLs in fragment assert_equals: expected "http://example.net/#a%00b" but got "http://example.net/#ab"

third_party/blink/web_tests/platform/win/external/wpt/url/a-element-expected.txt

 This is a testharness.js-based test.
-Found 545 tests; 344 PASS, 201 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 548 tests; 347 PASS, 201 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Parsing: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -555,5 +555,8 @@ FAIL Parsing: <file://­/p> against <about:blank> assert_equals: failure should
 PASS Parsing: <file://%C2%AD/p> against <about:blank>
 FAIL Parsing: <file://xn--/p> against <about:blank> assert_unreached: Expected URL to fail parsing Reached unreachable code
 PASS Parsing: <#link> against <https://example.org/##link>
+PASS Parsing: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Parsing: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Parsing: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/win/external/wpt/url/a-element-origin-expected.txt

 This is a testharness.js-based test.
-Found 305 tests; 298 PASS, 7 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 308 tests; 301 PASS, 7 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Parsing origin: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -314,5 +314,8 @@ PASS Parsing origin: <ldap://localhost:389/ou=People,o=JNDITutorial> against <ab
 PASS Parsing origin: <git+https://github.com/foo/bar> against <about:blank>
 PASS Parsing origin: <urn:ietf:rfc:2648> against <about:blank>
 PASS Parsing origin: <tag:joe@example.org,2001:foo/bar> against <about:blank>
+PASS Parsing origin: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Parsing origin: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Parsing origin: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/win/external/wpt/url/a-element-origin-xhtml-expected.txt

 This is a testharness.js-based test.
-Found 305 tests; 298 PASS, 7 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 308 tests; 301 PASS, 7 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Parsing origin: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -314,5 +314,8 @@ PASS Parsing origin: <ldap://localhost:389/ou=People,o=JNDITutorial> against <ab
 PASS Parsing origin: <git+https://github.com/foo/bar> against <about:blank>
 PASS Parsing origin: <urn:ietf:rfc:2648> against <about:blank>
 PASS Parsing origin: <tag:joe@example.org,2001:foo/bar> against <about:blank>
+PASS Parsing origin: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Parsing origin: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Parsing origin: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/win/external/wpt/url/a-element-xhtml-expected.txt

 This is a testharness.js-based test.
-Found 545 tests; 344 PASS, 201 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 548 tests; 347 PASS, 201 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Parsing: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -555,5 +555,8 @@ FAIL Parsing: <file://­/p> against <about:blank> assert_equals: failure should
 PASS Parsing: <file://%C2%AD/p> against <about:blank>
 FAIL Parsing: <file://xn--/p> against <about:blank> assert_unreached: Expected URL to fail parsing Reached unreachable code
 PASS Parsing: <#link> against <https://example.org/##link>
+PASS Parsing: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Parsing: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Parsing: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/win/external/wpt/url/url-constructor-expected.txt

 This is a testharness.js-based test.
-Found 545 tests; 410 PASS, 135 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 548 tests; 413 PASS, 135 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Parsing: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -617,5 +617,8 @@ FAIL Parsing: <file://xn--/p> against <about:blank> assert_throws_js: function "
           bURL(expected.input, expected.base)
         }" did not throw
 PASS Parsing: <#link> against <https://example.org/##link>
+PASS Parsing: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Parsing: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Parsing: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/win/external/wpt/url/url-origin-expected.txt

 This is a testharness.js-based test.
-Found 305 tests; 295 PASS, 10 FAIL, 0 TIMEOUT, 0 NOTRUN.
+Found 308 tests; 298 PASS, 10 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Loading data…
 PASS Origin parsing: <http://example	.
 org> against <http://example.org/foo/bar>
@@ -314,5 +314,8 @@ PASS Origin parsing: <ldap://localhost:389/ou=People,o=JNDITutorial> against <ab
 PASS Origin parsing: <git+https://github.com/foo/bar> against <about:blank>
 PASS Origin parsing: <urn:ietf:rfc:2648> against <about:blank>
 PASS Origin parsing: <tag:joe@example.org,2001:foo/bar> against <about:blank>
+PASS Origin parsing: <non-special:cannot-be-a-base-url-\0
~€> against <about:blank>
+PASS Origin parsing: <https://www.example.com/path{path.html?query'=query#fragment<fragment> against <about:blank>
+PASS Origin parsing: <https://user:pass[@foo/bar> against <http://example.org>
 Harness: the test ran to completion.
 

third_party/blink/web_tests/platform/win/external/wpt/url/url-setters-expected.txt

@@ -605,11 +605,11 @@ PASS URL: Setting <http://example.net>.hash = '#foo`bar'
 PASS <a>: Setting <http://example.net>.hash = '#foo`bar'
 PASS <area>: Setting <http://example.net>.hash = '#foo`bar'
 FAIL URL: Setting <a:/>.hash = '\0
	
-\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "file:///A:/#%01%09%0A%0D%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%C2%80%C2%81%C3%89%C3%A9"
+\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "file:///A:/#%01%09%0A%0D%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9"
 FAIL <a>: Setting <a:/>.hash = '\0
	
-\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "file:///A:/#%01%09%0A%0D%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%C2%80%C2%81%C3%89%C3%A9"
+\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "file:///A:/#%01%09%0A%0D%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9"
 FAIL <area>: Setting <a:/>.hash = '\0
	
-\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "file:///A:/#%01%09%0A%0D%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%C2%80%C2%81%C3%89%C3%A9"
+\r !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~€Éé' Simple percent-encoding; tabs and newlines are removed assert_equals: expected "a:/#%00%01%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9" but got "file:///A:/#%01%09%0A%0D%1F%20!%22#$%&'()*+,-./09:;%3C=%3E?@AZ[\\]^_%60az{|}~%7F%C2%80%C2%81%C3%89%C3%A9"
 FAIL URL: Setting <http://example.net>.hash = 'a\0b' Percent-encode NULLs in fragment assert_equals: expected "http://example.net/#a%00b" but got "http://example.net/#ab"
 FAIL <a>: Setting <http://example.net>.hash = 'a\0b' Percent-encode NULLs in fragment assert_equals: expected "http://example.net/#a%00b" but got "http://example.net/#ab"
 FAIL <area>: Setting <http://example.net>.hash = 'a\0b' Percent-encode NULLs in fragment assert_equals: expected "http://example.net/#a%00b" but got "http://example.net/#ab"

url/url_canon_etc.cc

@@ -245,10 +245,9 @@ bool DoPort(const CHAR* spec,
 }
 
 // clang-format off
-//   Percent-escape all "C0 controls" (0x00-0x1F)
-//   https://infra.spec.whatwg.org/#c0-control along with the characters ' '
-//   (0x20), '"' (0x22), '<' (0x3C), '>' (0x3E), and '`' (0x60):
-const bool kShouldEscapeCharInRef[0x80] = {
+//   Percent-escape all characters from the fragment percent-encode set
+//   https://url.spec.whatwg.org/#fragment-percent-encode-set
+const bool kShouldEscapeCharInFragment[0x80] = {
 //  Control characters (0x00-0x1F)
     true,  true,  true,  true,  true,  true,  true,  true,
     true,  true,  true,  true,  true,  true,  true,  true,
@@ -276,8 +275,8 @@ const bool kShouldEscapeCharInRef[0x80] = {
     false, false, false, false, false, false, false, false,
 //  p      q      r      s      t      u      v      w
     false, false, false, false, false, false, false, false,
-//  x      y      z      {      |      }      ~
-    false, false, false, false, false, false, false
+//  x      y      z      {      |      }      ~      DELETE
+    false, false, false, false, false, false, false, true
 };
 // clang-format on
 
@@ -307,7 +306,7 @@ void DoCanonicalizeRef(const CHAR* spec,
 
     UCHAR current_char = static_cast<UCHAR>(spec[i]);
     if (current_char < 0x80) {
-      if (kShouldEscapeCharInRef[current_char])
+      if (kShouldEscapeCharInFragment[current_char])
         AppendEscapedChar(static_cast<unsigned char>(spec[i]), output);
       else
         output->push_back(static_cast<char>(spec[i]));

url/url_canon_pathurl.cc

@@ -26,13 +26,16 @@ void DoCanonicalizePathComponent(const CHAR* source,
     if (separator)
       output->push_back(separator);
     // Copy the path using path URL's more lax escaping rules (think for
-    // javascript:). We convert to UTF-8 and escape non-ASCII, but leave all
-    // ASCII characters alone. This helps readability of JavaStript.
+    // javascript:). We convert to UTF-8 and escape characters from the
+    // C0 control percent-encode set, but leave all other characters alone.
+    // This helps readability of JavaScript.
+    // https://url.spec.whatwg.org/#cannot-be-a-base-url-path-state
+    // https://url.spec.whatwg.org/#c0-control-percent-encode-set
     new_component->begin = output->length();
     int end = component.end();
     for (int i = component.begin; i < end; i++) {
       UCHAR uch = static_cast<UCHAR>(source[i]);
-      if (uch < 0x20 || uch >= 0x80)
+      if (uch < 0x20 || uch > 0x7E)
         AppendUTF8EscapedChar(source, &i, end, output);
       else
         output->push_back(static_cast<char>(uch));