ngx.escape_uri does not follow its doc strictly

[spacewander]

The doc says:

syntax: newstr = ngx.escape_uri(str, type?)

context: init_by_lua*, init_worker_by_lua*, set_by_lua*, rewrite_by_lua*, access_by_lua*, content_by_lua*, header_filter_by_lua*, body_filter_by_lua*, log_by_lua*, ngx.timer.*, balancer_by_lua*, ssl_certificate_by_lua*, ssl_session_fetch_by_lua*, ssl_session_store_by_lua*, exit_worker_by_lua*, ssl_client_hello_by_lua*

Since v0.10.16, this function accepts an optional type argument. It accepts the following values (defaults to 2):

0: escapes str as a full URI. And the characters (space), #, %, ?, 0x00 ~ 0x1F, 0x7F ~ 0xFF will be escaped.
2: escape str as a URI component. All characters except alphabetic characters, digits, -, ., _, ~ will be encoded as %XX.

Although it says "All characters except alphabetic characters, digits, -, ., _, ~ will be encoded as %XX.", In fact, according to the code

https://github.com/openresty/lua-nginx-module/blob/562e10690a9ce2bb8ac04cedbf18a28de64b9970/src/ngx_http_lua_util.c#L2068-L2069

*()'! are still not escaped for URI component type.