Opened 18 years ago
Closed 18 years ago
#2978 closed defect (invalid)
QueryDict.urlencode() doesnt quote &
| Reported by: | Owned by: | Adrian Holovaty | |
|---|---|---|---|
| Component: | Core (Other) | Version: | dev |
| Severity: | normal | Keywords: | urlencode |
| Cc: | Triage Stage: | Design decision needed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
QueryDict.urlencode should return
return '&'.join(output)
instead of
return '&'.join(output)
From the tidy doc:
All special characters in HREF should be encoded. "&" is a reserved character to begin an entity. (ex: &nsbp). "&" in HREF field should be encoded as his equivalent entity "&", even when used as a separator for parameters in the URL. Before to make you an opinion about this, please read carefully [http://ppewww.ph.gla.ac.uk/%7Eflavell/www/formgetbyurl.html]page.
Change History (2)
comment:1 by , 18 years ago
| Triage Stage: | Unreviewed → Design decision needed |
|---|
comment:2 by , 18 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
No, this is incorrect. An "&" in a URL is perfectly valid (go do a Google search and look at the URL); it's only in HTML that they need to be entity encoded (and you've got the escape filter for that purpose).
Note:
See TracTickets
for help on using tickets.
Sure seems like it'd help Django be that bit more perfectionist.
I hesitate to mark ready without some more thoughts about possible side-effects of this change.