[Django] #36586: Escaping (ampersand) in browsable API URLs

Django Sat, 30 Aug 2025 13:35:46 -0700

#36586: Escaping (ampersand) in browsable API URLs
---------------------+-----------------------------------------
     Reporter:  J M  |                     Type:  Uncategorized
       Status:  new  |                Component:  Uncategorized
      Version:  5.2  |                 Severity:  Normal
     Keywords:       |             Triage Stage:  Unreviewed
    Has patch:  0    |      Needs documentation:  0
  Needs tests:  0    |  Patch needs improvement:  0
Easy pickings:  0    |                    UI/UX:  0
---------------------+-----------------------------------------
 When URLs with an escaped character (specifically in my case, and
 ampersand) is rendered in the browsable API, in the href it is improperly
 unescaped. This may only apply to ampersands.



 {{{
 from django.utils.html import urlize
 urlize('"tq": "http://api/foos/1/?p=1&times=1";')
 '"tq": "<a
 href="http://api/foos/1/?p=1%C3%97%3D1";>http://api/foos/1/?p=1&times=1</a>"'
 }}}
-- 
Ticket URL: <https://code.djangoproject.com/ticket/36586>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion visit 
https://groups.google.com/d/msgid/django-updates/01070198fcb155b5-2c30dac7-c7c4-42ef-9f94-22883eb93c85-000000%40eu-central-1.amazonses.com.

[Django] #36586: Escaping (ampersand) in browsable API URLs

Reply via email to