author | Andreas Rumpf <rumpf_a@web.de> | 2021-05-09 23:33:31 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-09 23:33:31 +0200 |
commit | 983a2aa11c397624d8a366d29184557ba1120f8d (patch) | |
tree | 17084ebc9e6a447a0e3e8ed711b480c6af4489b4 | |
parent | f07583588c67f9f3f8dfd7eb44befb5101392d71 (diff) | |
download | Nim-983a2aa11c397624d8a366d29184557ba1120f8d.tar.gz |
Revert "Fix parseUri to sanitize urls containing ASCII newline or tab (#17967)" (#17984)
This reverts commit f4dd95f3bee14b69caec63c3be984c4a75f43c8a.
-rw-r--r-- | changelog.md | 1 | ||||
-rw-r--r-- | lib/pure/uri.nim | 32 | ||||
-rw-r--r-- | tests/stdlib/turi.nim | 12 |
3 files changed, 3 insertions, 42 deletions
diff --git a/changelog.md b/changelog.md index 7732aec30..29b3237d0 100644 --- a/changelog.md +++ b/changelog.md @@ -299,7 +299,6 @@ - Added `copyWithin` [for `seq` and `array` for JavaScript targets](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/copyWithin). -- Added optional `strict` argument to `parseUri` of `uri` module to raise a `UriParseError` if input contains newline or tab characters, or [remove them in non-strict case](https://url.spec.whatwg.org/#concept-basic-url-parser). ## Language changes diff --git a/lib/pure/uri.nim b/lib/pure/uri.nim index 67d5e5933..a828298c2 100644 --- a/lib/pure/uri.nim +++ b/lib/pure/uri.nim @@ -51,8 +51,6 @@ type UriParseError* = object of ValueError -# https://url.spec.whatwg.org/#concept-basic-url-parser -const unsafeUrlBytesToRemove = {'\t', '\r', '\n'} proc uriParseError*(msg: string) {.noreturn.} = ## Raises a `UriParseError` exception with message `msg`. @@ -263,11 +261,7 @@ func resetUri(uri: var Uri) = else: f = false -func removeUnsafeBytesFromUri(uri: string): string = - for c in uri: - if c notin unsafeUrlBytesToRemove: result.add c - -func parseUri*(uri: string, result: var Uri, strict = true) = +func parseUri*(uri: string, result: var Uri) = ## Parses a URI. The `result` variable will be cleared before. ## ## **See also:** 
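Review bot: With the `strict` parameter removed from `parseUri*(uri: string, result: var Uri)`, the new side has no visible handling of `\t`, `\r` or `\n` in the input, and the doc comment does not mention it. Presumably those bytes now reach `hostname`, `path` and the other fields unchanged, as before #17967; that matters to callers that copy parsed fields into HTTP headers, redirect targets or log lines, and it may differ from WHATWG-style parsers that strip them. I would add a doc line such as `## Tab, CR and LF are neither rejected nor stripped; validate untrusted input before calling.` The same point applies to the body hunk at `@@ -279,26 +273,6 @@` and to the `parseUri*(uri: string): Uri` overload at `@@ -346,7 +320,7 @@`. The body of `parseUri` continues outside this hunk, so the pass-through behaviour is inferred, not shown.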
@@ -279,26 +273,6 @@ func parseUri*(uri: string, result: var Uri, strict = true) = assert res.scheme == "https" assert res.hostname == "nim-lang.org" assert res.path == "/docs/manual.html" - - # Non-strict - res = initUri() - parseUri("https://nim-lang\n.org\t/docs/", res, strict=false) - assert res.scheme == "https" - assert res.hostname == "nim-lang.org" - assert res.path == "/docs/" - - # Strict - res = initUri() - doAssertRaises(UriParseError): - parseUri("https://nim-lang\n.org\t/docs/", res) - - var uri = uri - if strict: - for c in uri: - if c in unsafeUrlBytesToRemove: uriParseError("Invalid uri '$#'" % uri) - else: - uri = removeUnsafeBytesFromUri(uri) - resetUri(result) var i = 0 @@ -335,7 +309,7 @@ func parseUri*(uri: string, result: var Uri, strict = true) = # Path parsePath(uri, i, result) -func parseUri*(uri: string, strict = true): Uri = +func parseUri*(uri: string): Uri = ## Parses a URI and returns it. ## ## **See also:** @@ -346,7 +320,7 @@ func parseUri*(uri: string, strict = true): Uri = assert res.password == "Password" assert res.scheme == "ftp" result = initUri() - parseUri(uri, result, strict) + parseUri(uri, result) func removeDotSegments(path: string): string = ## Collapses `..` and `.` in `path` in a similar way as done in `os.normalizedPath` diff --git a/tests/stdlib/turi.nim b/tests/stdlib/turi.nim index 26b88a982..a3b6afe2c 100644 --- a/tests/stdlib/turi.nim +++ b/tests/stdlib/turi.nim 
@@ -141,18 +141,6 @@ template main() = doAssert test.port == "" doAssert test.path == "/foo/bar/baz.txt" - block: # Strict - doAssertRaises(UriParseError): - discard parseUri("https://nim-lang\n.org\t/docs/\nalert('msg\r\n')/?query\n=\tvalue#frag\nment") - - # Non-strict would sanitize newline and tab characters from input - let test = parseUri("https://nim-lang\n.org\t/docs/\nalert('msg\r\n')/?query\n=\tvalue#frag\nment", strict=false) - assert test.scheme == "https" - assert test.hostname == "nim-lang.org" - assert test.path == "/docs/alert('msg')/" - assert test.query == "query=value" - assert test.anchor == "fragment" - block: # combine block: let concat = combine(parseUri("http://google.com/foo/bar/"), parseUri("baz")) |
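Review bot: Dropping the whole `# Strict` / non-strict block leaves `turi.nim` with no case that feeds tab, CR or LF to `parseUri`, so whatever the parser does with such input after the revert is not pinned by any test. A short characterization block, for example `let test = parseUri("https://nim-lang\n.org/docs/")` followed by `doAssert test.scheme == "https"` and an assertion on `test.hostname` recording the current result, would make any later change to sanitizing show up as a test diff. The expected `hostname` value is left open here because the parser body is not visible in this diff. `template main()` starts and ends outside the hunk.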