#9655: urlize should not quote already quoted urls.
---------------------------------------------+------------------------------
          Reporter:  flytwokites             |       Owner:  nobody
            Status:  reopened                |   Milestone:
         Component:  Template system         |     Version:  1.0
        Resolution:                          |    Keywords:  urlize
             Stage:  Design decision needed  |   Has_patch:  0
        Needs_docs:  0                       | Needs_tests:  0
Needs_better_patch:  0                       |
---------------------------------------------+------------------------------
Changes (by Christopher Lenz <cml...@gmx.de>):

  * cc: cml...@gmx.de (added)

Comment:

 I just came across this bug in a Django app of ours. Users copy and paste
 URLs from the location bar or from elsewhere into a text field, and when
 those URLs are already encoded (which is ''very'' likely as far as I can
 tell), `urlize` is often going to break the link (bad). I've had to copy
 and modify the whole `urlize` function and filter to get rid of the
 quoting.

 Why not just leave the URL alone, and HTML-escape it (both in the `href`
 attribute and the link text) to fend off potential XSS problems. If the
 original link did indeed require encoding, the user agent will take care
 of that, and the link will at least ''work''. The author can still go in
 and paste a properly encoded link if she's a nitpicking-validator-using
 power user.

 At the very least, it should be possible to turn off the quoting (another
 keyword arg on `django.utils.html.urlize`). But I still think the current
 behavior does not make sense and should be changed.

--
Ticket URL: <http://code.djangoproject.com/ticket/9655#comment:6>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
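
The two behaviours contrasted in the comment above, as an added example that is not part of the original message and is not Django's `urlize` code. The function names, the `SAFE` set and the sample URLs are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote

# Assumption: a safe set that omits '%', standing in for the quoting step
# the comment objects to. This is not Django's urlize source.
SAFE = "/&=:;#?+*"

def link_quoted(url):
    """Percent-quote first, then build the anchor: '%' becomes '%25'."""
    href = quote(url, safe=SAFE)
    return '<a href="%s">%s</a>' % (escape(href, quote=True), escape(url, quote=True))

def link_escaped(url):
    """The comment's proposal: leave the URL alone, HTML-escape both contexts."""
    safe = escape(url, quote=True)
    return '<a href="%s">%s</a>' % (safe, safe)

class _TagCollector(HTMLParser):
    """Records start tags and their decoded attributes, as an HTML parser sees them."""
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def parse_tags(markup):
    parser = _TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags

# Constructed sample inputs (not from the ticket).
PASTED = "http://example.com/my%20file.pdf?q=a%26b"   # already percent-encoded
MARKUP = 'http://example.com/?a="><b>x</b>'           # HTML metacharacters

if __name__ == "__main__":
    for name, build in (("quoted", link_quoted), ("escaped", link_escaped)):
        for url in (PASTED, MARKUP):
            print(name, parse_tags(build(url)))
```

Parsing the output back shows the difference: the quoted variant turns `%20` into `%2520` in the `href`, while the escaped variant round-trips the pasted URL unchanged and still yields a single `a` element for input containing `"`, `<` and `>`.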