#36586: Escaping (ampersand) in browsable API URLs ---------------------------------+-------------------------------------- Reporter: J M | Owner: (none) Type: Bug | Status: closed Component: Template system | Version: 5.2 Severity: Normal | Resolution: invalid Keywords: urlize | Triage Stage: Unreviewed Has patch: 0 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 ---------------------------------+-------------------------------------- Comment (by Bruno Alla):
''To whoever finds this ticket...'' I think the problem wasn't reported in the best way by OP. The issue was indeed caught in the browsable API in DRF, and we managed to isolate the problem with the following snippet: {{{ >>> from django.utils.html import urlize >>> urlize('http://example.com/foos/?page=2×tamp=1') '<a href="http://example.com/foos/?page=2%C3%97tamp%3D1">http://example.com/foos/?page=2×tamp=1</a>' }}} The problem manifest by `×tamp=1` being translated to `%C3%97tamp%3D1`. I did't see the string `×` in that, so suspected a bug, potentially inherited from Python. Looking more closely at the Django implementation, it indeed relies heavily on the Python API `html.unescape`, which has the same behaviour: {{{ >>> import html >>> html.unescape('https://example.com/?page=1×tamp=3') 'https://example.com/?page=1×tamp=3' }}} Searching the cPython issue tracker brought up this issue https://github.com/python/cpython/issues/85050 which says: > According to https://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references #cite_ref-semicolon_1-64 the trailing semicolon can be omitted for the named entity "reg". That means "®" and "®" are equivalent. So this working as per the spec. -- Ticket URL: <https://code.djangoproject.com/ticket/36586#comment:3> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/django-updates/010701999ca47523-a56b56a2-ce78-475b-8549-ef855157f5c7-000000%40eu-central-1.amazonses.com.