#2977: [patch] Better handling of regular expressions for reverse urlresolver
---------------------------+------------------------------------------------
   Reporter:  SmileyChris  |                Owner:  adrian                
     Status:  new          |            Component:  Core framework        
    Version:               |           Resolution:                        
   Keywords:               |                Stage:  Design decision needed
  Has_patch:  1            |           Needs_docs:  0                     
Needs_tests:  0            |   Needs_better_patch:  0                     
---------------------------+------------------------------------------------
Comment (by Todd O'Bryan <[EMAIL PROTECTED]>):

 I'm not sure that you're sufficiently sneaky when removing special
 characters from URLs...
 
 For example, you're using the regexes
 {{{re_unused = re.compile(r'(?<!\\)[$?*+^()]')
 re_special = re.compile(r'\\([.+*()$])')  # Characters from the IETF URL
 standard, RFC 1738.
 }}}
 
 I'm worried that `re_unused` won't match the `$` in `r'\\$'` even though
 it should. Also, `re_special` will match `\.` in `r'\\.'` even though it
 shouldn't.
 
 Also, you don't translate unsafe characters from regexes back to normal
 strings. That might be the correct behavior--I'm not sure what
 Django/Apache does with a URL like `'/words%20with%20space'`. If `%20`
 becomes a space before it enters the url lookup system, then urls with
 unsafe characters are possible and we should be able to reverse them
 (making sure that they get encoded before they're actually included in a
 webpage). If it's kept in its encoded form, then we shouldn't have to
 worry about regexes with unsafe characters.
 
 I just created ticket #4594 with my patch. Let's figure out how to deal
 with these corner cases and maybe we can pull out the part of your code
 that deals with this so Malcolm will finally get around to applying the
 various parts. :-)

-- 
Ticket URL: <http://code.djangoproject.com/ticket/2977#comment:14>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to