Opened 30 hours ago
#36586 new Uncategorized
Escaping (ampersand) in browsable API URLs
| Reported by: | J M | Owned by: | |
|---|---|---|---|
| Component: | Uncategorized | Version: | 5.2 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
When URLs with an escaped character (specifically in my case, and ampersand) is rendered in the browsable API, in the href it is improperly unescaped. This may only apply to ampersands.
from django.utils.html import urlize
urlize('"tq": "http://api/foos/1/?p=1×=1"')
'"tq": "<a href="http://api/foos/1/?p=1%C3%97%3D1">http://api/foos/1/?p=1×=1</a>"'
Note:
See TracTickets
for help on using tickets.