Prefix use in reversing urls

[Bas Peschier]

Hi all,

currently the reversing mechanism for urls accepts a prefix-kwarg [1], which is not documented [2].

It seems like this prefix is used to prefix the entire generated url and make script_name possible, to which it defaults. It is not used in the entire code base except for tests which can directly test prefixes without going through set_script_name. So in basis: prefix is whatever get_script_name gives you.

What is curious about how Django handles it, is that it treats the prefix as possibly containing regular expressions [3]. Is there any history or documentation that this can be anything other than a valid path?

Removing that mechanism (it simplifies escaping the prefix, which was the original problem in #24013 [4] and a whole chain of previous tickets) unearths tests that don't actually test the correct thing, but overall it runs fine™. Since escaping the reversed url is sensitive security-wise, I would like a couple of eyes on it.

PR is here: https://github.com/django/django/pull/4272

Bas

[1]: https://docs.djangoproject.com/en/1.8/_modules/django/core/urlresolvers/#reverse

[2]: https://docs.djangoproject.com/en/1.8/ref/urlresolvers/#django.core.urlresolvers.reverse

[3]: https://github.com/django/django/blob/master/django/core/urlresolvers.py#L448

[4]: https://code.djangoproject.com/ticket/24013