Advice on #13260 - '%' in args to urlresolvers.reverse()

3 views
Skip to first unread message

Ben Sturmfels

unread,
Apr 17, 2010, 1:14:10 PM4/17/10
to django-d...@googlegroups.com
Hi,
I'm working on ticket #13260 and looking for some advice. The ticket is
about quoting of '%' in args and kwargs for urlresolvers.reverse().
Please ignore my initial patch as it's not quite right.

The reporter claims this is a bug:

>>> reverse('myapp.views.download', args=['100% completed.png']
"/download/100%%20completed.png"

and that output should be:

"/download/100%25%20completed.png"

My question is, is this expected behaviour, is a bug?

If expected behavior
--------------------
Currently, reverse assumes that the args and kwargs are correctly quoted
for insertion into a URI. The iri_to_url() conversion does escape some
disallowed characters, like space, but doesn't modify reserved
delimiters like '#' --- it assumes you know what your are doing.

If bug
------
Alternatively, if this is considered a bug, then urlquote should be
applied to all items in args and kwargs for reverse. That would mean
that this test is wrong though:

>>> reverse('special', args=[r'+\$*'])
'/special_chars/+%5C$*/'

It would have to output:

'/special_chars/%2B%5C%24%2A/'

Cheers,
Ben

signature.asc

Thomas Guettler

unread,
Apr 22, 2010, 10:53:00 AM4/22/10
to django-d...@googlegroups.com
>>>> reverse('special', args=[r'+\$*'])
> '/special_chars/+%5C$*/'
>
> It would have to output:
>
> '/special_chars/%2B%5C%24%2A/'

Hi,

I think the current test case is broken. All args/kwargs should
be quoted.


--
Thomas Guettler, http://www.thomas-guettler.de/
E-Mail: guettli (*) thomas-guettler + de

--
You received this message because you are subscribed to the Google Groups "Django developers" group.
To post to this group, send email to django-d...@googlegroups.com.
To unsubscribe from this group, send email to django-develop...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.

Harro

unread,
Apr 23, 2010, 7:44:18 AM4/23/10
to Django developers
The thing is, quoted get variables will get unquoted, quoted url
parameters won't be unquoted automatically. That's up to the developer
to handle.

Ran into the same issue today, and for me it made sense to do the
quoting before passing it to the reverse function, but for me it was
an URL which was passed to another url which clearly needs escaping
(apache doesn't like double / by default :D)

I can however see how you might not know the input and thus forget to
quote it. The example above is a very good one for that.
You can't just start escaping everything without breaking code in
unexpected ways.


On Apr 22, 4:53 pm, Thomas Guettler <h...@tbz-pariv.de> wrote:
> >>>> reverse('special', args=[r'+\$*'])
> > '/special_chars/+%5C$*/'
>
> > It would have to output:
>
> > '/special_chars/%2B%5C%24%2A/'
>
> Hi,
>
> I think the current test case is broken. All args/kwargs should
> be quoted.
>
> --
> Thomas Guettler,http://www.thomas-guettler.de/
Reply all
Reply to author
Forward
0 new messages