URI-encode most characters in branch names for `compare` command

It's especially important to encode the `#` character, because it would
get interpreted as a URI fragment identifier. However, we let
`url.QueryEscape` encode any other unsafe characters, except allowing
special characters like `/!:^~` to appear raw. Most of these characters
aren't allowed in branch names anyway, but they can appear as git
revision expressions such as `feature^` or `mislav:feature~3`.

commands/compare.go

@@ -3,6 +3,8 @@ package commands
 import (
 	"fmt"
 	"regexp"
+	"strings"
+	"net/url"
 
 	"github.com/github/hub/github"
 	"github.com/github/hub/utils"
@@ -72,7 +74,7 @@ func compare(command *Command, args *Args) {
 		}
 	}
 
-	subpage := utils.ConcatPaths("compare", r)
+	subpage := utils.ConcatPaths("compare", rangeQueryEscape(r))
 	url := project.WebURL("", "", subpage)
 	launcher, err := utils.BrowserLauncher()
 	utils.Check(err)
@@ -91,3 +93,21 @@ func parseCompareRange(r string) string {
 	shaOrTagRangeRegexp := regexp.MustCompile(shaOrTagRange)
 	return shaOrTagRangeRegexp.ReplaceAllString(r, "$1...$2")
 }
+
+// characters we want to allow unencoded in compare views
+var compareUnescaper = strings.NewReplacer(
+	"%2F", "/",
+	"%3A", ":",
+	"%5E", "^",
+	"%7E", "~",
+	"%2A", "*",
+	"%21", "!",
+)
+
+func rangeQueryEscape(r string) string {
+	if strings.Contains(r, "..") {
+		return r
+	} else {
+		return compareUnescaper.Replace(url.QueryEscape(r))
+	}
+}