Escaping (ampersand) in browsable API URLs

[J M]

When URLs with an escaped character (specifically in my case, and ampersand) is rendered in the browsable API, in the href it is improperly unescaped. This may only apply to ampersands.

from django.utils.html import urlize
urlize('"tq": "http://api/foos/1/?p=1&times=1"')
'"tq": "<a href="http://api/foos/1/?p=1%C3%97%3D1">http://api/foos/1/?p=1&times=1</a>"'

[Natalia Bidart]

Hello J M, thank you for your ticket.

First of all, can you please clarify what do you mean with "browsable API"? This sounds like the ​django-rest-framework feature. Please note that this tracker is for Django core issues.

Secondly, regarding the urlize example you shared, the behavior occurs specifically when the URL contains × (the HTML entity for ×), rather than any arbitrary ampersand. This happens because urlize is designed to produce HTML-safe links, which may involve encoding characters in the URL to ensure valid HTML. Its purpose is linkification of text for safe display, not exact preservation of the raw URL string.

You can see the tests for this filter to understand better its scope and semantics: ​https://github.com/django/django/blob/main/tests/template_tests/filter_tests/test_urlize.py

Lastly, there are several user support channels available if you have further questions about how Django works: please refer to TicketClosingReasons/UseSupportChannels for ways to get help.