Opened 9 years ago

Closed 8 years ago

#2978 closed defect (invalid)

QueryDict.urlencode() doesnt quote &

Reported by: Joakim Sernbrant <serbaut@…> Owned by: adrian
Component: Core (Other) Version: master
Severity: normal Keywords: urlencode
Cc: Triage Stage: Design decision needed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

QueryDict.urlencode should return

        return '&amp;'.join(output)

instead of

        return '&'.join(output)

From the tidy doc:

All special characters in HREF should be encoded. "&" is a reserved character to begin an entity. (ex: &nsbp).
"&" in HREF field should be encoded as his equivalent entity "&amp;", even when used as a separator for
parameters in the URL. Before to make you an opinion about this, please read carefully
[http://ppewww.ph.gla.ac.uk/%7Eflavell/www/formgetbyurl.html]page.

Change History (2)

comment:1 Changed 8 years ago by SmileyChris

  • Triage Stage changed from Unreviewed to Design decision needed

Sure seems like it'd help Django be that bit more perfectionist.

I hesitate to mark ready without some more thoughts about possible side-effects of this change.

comment:2 Changed 8 years ago by jacob

  • Resolution set to invalid
  • Status changed from new to closed

No, this is incorrect. An "&" in a URL is perfectly valid (go do a Google search and look at the URL); it's only in HTML that they need to be entity encoded (and you've got the escape filter for that purpose).

Note: See TracTickets for help on using tickets.
Back to Top