Adds ^ and | to the set of allowed characters in HTTP/2 request p…

…aths.

Despite the guidance in RFC 3986, these characters are well represented in HTTP requests from the public internet.

Protected by FLAGS_gfe2_reloadable_flag_http2_reject_invalid_paths_non_cloud_3.

PiperOrigin-RevId: 676056873

quiche/balsa/header_properties.h

@@ -51,10 +51,10 @@ inline constexpr char kInvalidHeaderCharList[] = {
 // The set of characters allowed in the Path and Query components of a URI, as
 // described in RFC 3986 Sections 3.3 and 3.4. Also includes the following
 // characters, which are not actually valid, but are seen in request paths on
-// the internet and unlikely to cause problems: []{}
+// the internet and unlikely to cause problems: []{}|^
 inline constexpr char kValidPathCharList[] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~%!$&'()*"
-    "+,;=:@/?[]{}";
+    "+,;=:@/?[]{}|^";
 
 // Returns true if the given `c` is invalid in a header field name. The first
 // version is spec compliant, the second one incorrectly allows '"'.

quiche/balsa/header_properties_test.cc

@@ -106,9 +106,10 @@ TEST(HeaderPropertiesTest, HasInvalidPathChar) {
   EXPECT_FALSE(HasInvalidPathChar("invalid_path/but/valid/chars"));
   EXPECT_FALSE(HasInvalidPathChar("/path/with?query;fragment"));
   EXPECT_FALSE(HasInvalidPathChar("/path2.fun/my_site-root/!&$=,+*()/wow"));
-  // Surprise! [] and {} are seen in requests on the internet.
+  // Surprise! []{}^| are seen in requests on the internet.
   EXPECT_FALSE(HasInvalidPathChar("/square[brackets]surprisingly/allowed"));
   EXPECT_FALSE(HasInvalidPathChar("/curly{braces}surprisingly/allowed"));
+  EXPECT_FALSE(HasInvalidPathChar("/caret^pipe|surprisingly/allowed"));
 
   EXPECT_TRUE(HasInvalidPathChar("/path with spaces"));
   EXPECT_TRUE(HasInvalidPathChar("/path\rwith\tother\nwhitespace"));