iriencode doesn't respect safe strings
|Reported by:||Owned by:||nobody|
|Cc:||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
This happens probably since autoescape. Steps to reproduce:
- In a model, use the following:
class Admin: list_filter = ['column_a', 'column_b']
and you'll have two filters shown in the admin.
- Choose something other than "All" in the first filter
- Hover the mouse over something other than "All" in the second filter and look at the url.
Result: It will have a "&" somewhere, when it should only have a "&". It doesn't work if you click it, of course.
See also #5976 for a related bug.
Change History (5)
comment:1 Changed 9 years ago by
|Patch needs improvement:||unset|
comment:3 Changed 9 years ago by
|Component:||Admin interface → Template system|
|Summary:||Admin escapes ampersands in URLs when joining filters → iriencode doesn't respect safe strings|
|Triage Stage:||Accepted → Ready for checkin|