id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
5041	Admin pages insufficiently escape special characters in primary keys links	jdetaeye@…	nobody	"
To access the individual objects, the admin pages build urls which include the primary key.[[BR]]
My application has models with a string as primary key.[[BR]]
It turns out that the admin pages don't escape special characters in the primary keys very well.

RFC 2396 (see http://www.ietf.org/rfc/rfc2396.txt) lists the following special characters (not including the characters categorized as ""unwise""):
  : / # ? ; @ & = + $ , "" < > %
Django escapes only two of those:
  : /
 
Because of the limited escaping one can argue that strings as primary keys are not usuable in Django for a real-life application :-(

The attached patch provides a more complete escape routine.

The javascript code used in popup windows also doesn't escape the special characters very well. (but I haven't looked into that yet)"		closed	contrib.admin	dev		wontfix	url encode string		Accepted	1	0	0	0	0	0