#18456: HttpRequest.get_full_path does not escape # sign in the url -------------------------------------+------------------------------------- Reporter: vlad.shcherbina@… | Owner: Type: Bug | unaizalakain Component: HTTP handling | Status: assigned Severity: Normal | Version: master Keywords: | Resolution: Has patch: 0 | Triage Stage: Accepted Needs tests: 0 | Needs documentation: 0 Easy pickings: 0 | Patch needs improvement: 0 | UI/UX: 0 -------------------------------------+------------------------------------- Changes (by unaizalakain):
* owner: nobody => unaizalakain * status: new => assigned Comment: According to https://www.ietf.org/rfc/rfc2396.txt {{{ The path may consist of a sequence of path segments separated by a single slash "/" character. Within a path segment, the characters "/", ";", "=", and "?" are reserved. Each path segment may include a sequence of parameters, indicated by the semicolon ";" character. The parameters are not significant to the parsing of relative references. }}} I would escape all "/", ";", "=" and "?" characters. The fragment isn't even contemplated because it's not strictly part of the URI: {{{ When a URI reference is used to perform a retrieval action on the identified resource, the optional fragment identifier, separated from the URI by a crosshatch ("#") character, consists of additional reference information to be interpreted by the user agent after the retrieval action has been successfully completed. As such, it is not part of a URI, but is often used in conjunction with a URI. }}} Personally, I consider the possible logging clarity problems less important than the problems arising from `HttpRequest.get_full_path()` bad behavior. If needed, logging could use some other function to print out the URI. -- Ticket URL: <https://code.djangoproject.com/ticket/18456#comment:6> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/083.613b5ef59769a90848cfa14d01ece311%40djangoproject.com. For more options, visit https://groups.google.com/groups/opt_out.