Fix #3500 Add escape logic for header

[t0rchwo0d]

Hi, @appleboy, @thinkerou

Excuse me, I again think about #3500
I'm sorry to bother you.

. delimiter & Repeated / delimiter was judged to need to be delete and merge,
So, I request PR again.

• Remove characters outside the allowed range (alphabets, numeric, -, /)
• Merge Repeated / delimiters into one
• Add Test Case

[codecov]

Codecov Report

Merging #3503 (69e306f) into master (81ac7d5) will not change coverage.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master    #3503   +/-   ##
=======================================
  Coverage   98.63%   98.63%           
=======================================
  Files          42       42           
  Lines        3151     3151           
=======================================
  Hits         3108     3108           
  Misses         29       29           
  Partials       14       14           

Flag	Coverage Δ
	98.63% <100.00%> (ø)
go-1.16	∅ <ø> (?)
go-1.17	98.54% <100.00%> (ø)
go-1.18	98.54% <100.00%> (ø)
go-1.19	98.63% <100.00%> (ø)
go-1.20	98.63% <100.00%> (ø)
macos-latest	98.63% <100.00%> (ø)
ubuntu-latest	98.63% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
gin.go	99.19% <100.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[t0rchwo0d]

I finished the exception handling that cases I was considering.
If / is continuous , all of it was not removed, so I added logic with Test case.

• Remove characters outside the allowed range (alphabets, numeric, -, /)
• Merge Repeated / delimiters into one
• Add Test Case

[t0rchwo0d]

Update - Initialize regular expressions only once and simplify logic

[t0rchwo0d]

Update - Test Case

[ksw2000]

I have some questions in routes_test.go. Why the expectation of Line205 is //path but not /path

gin/routes_test.go

Lines 205 to 211 in e46bd52

	w = PerformRequest(router, http.MethodGet, "/path/", header{Key: "X-Forwarded-Prefix", Value: "api/../../"})
	assert.Equal(t, "//path", w.Header().Get("Location"))
	assert.Equal(t, http.StatusMovedPermanently, w.Code)
	w = PerformRequest(router, http.MethodGet, "/path/", header{Key: "X-Forwarded-Prefix", Value: "api/../../../"})
	assert.Equal(t, "/path", w.Header().Get("Location"))
	assert.Equal(t, http.StatusMovedPermanently, w.Code)

Why the expectation of Line221 is https/gin-goniccom/https/gin-goniccom/path but not https/gin-goniccom/path

gin/routes_test.go

Lines 221 to 223 in e46bd52

	w = PerformRequest(router, http.MethodGet, "/path/", header{Key: "X-Forwarded-Prefix", Value: "https://gin-gonic.com/#"})
	assert.Equal(t, "https/gin-goniccom/https/gin-goniccom/path", w.Header().Get("Location"))
	assert.Equal(t, http.StatusMovedPermanently, w.Code)

Additionally, is there any difference if the URL prefix returned by .Location() includes a leading slash or does not include one?