3 files changed, 8 insertions, 2 deletions

diff --git a/ext/cgi/escape/escape.c b/ext/cgi/escape/escape.c
index fa3d6c2038..ced1b182eb 100644
--- a/ext/cgi/escape/escape.c
+++ b/ext/cgi/escape/escape.c
@@ -196,7 +196,7 @@ url_unreserved_char(unsigned char c)
       case 'A': case 'B': case 'C': case 'D': case 'E': case 'F': case 'G': case 'H': case 'I': case 'J':
       case 'K': case 'L': case 'M': case 'N': case 'O': case 'P': case 'Q': case 'R': case 'S': case 'T':
       case 'U': case 'V': case 'W': case 'X': case 'Y': case 'Z':
-      case '-': case '.': case '_':
+      case '-': case '.': case '_': case '~':
         return 1;
       default:
         break;
diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb
index 18eaf44375..464115262f 100644
--- a/lib/cgi/util.rb
+++ b/lib/cgi/util.rb
@@ -11,7 +11,7 @@ module CGI::Util
   #      # => "%27Stop%21%27+said+Fred"
   def escape(string)
     encoding = string.encoding
-    string.b.gsub(/([^ a-zA-Z0-9_.-]+)/) do |m|
+    string.b.gsub(/([^ a-zA-Z0-9_.\-~]+)/) do |m|
       '%' + m.unpack('H2' * m.bytesize).join('%').upcase
     end.tr(' ', '+').force_encoding(encoding)
   end
diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb
index 02558892b2..65838ec2af 100644
--- a/test/cgi/test_cgi_util.rb
+++ b/test/cgi/test_cgi_util.rb
@@ -29,6 +29,12 @@ class CGIUtilTest < Test::Unit::TestCase
     assert_equal('%26%3C%3E%22+%E3%82%86%E3%82%93%E3%82%86%E3%82%93'.ascii_only?, CGI::escape(@str1).ascii_only?) if defined?(::Encoding)
   end
 
+  def test_cgi_escape_with_unreserved_characters
+      assert_equal("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~",
+		 CGI::escape("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"),
+                 "should not escape any unreserved characters, as per RFC3986 Section 2.3")
+  end
+
   def test_cgi_escape_with_invalid_byte_sequence
     assert_nothing_raised(ArgumentError) do
       assert_equal('%C0%3C%3C', CGI::escape("\xC0\<\<".dup.force_encoding("UTF-8")))