#18456: HttpRequest.get_full_path does not escape # sign in the url -------------------------------------+------------------------------------- Reporter: vlad.shcherbina@… | Owner: nobody Type: Bug | Status: new Component: HTTP handling | Version: master Severity: Normal | Resolution: Keywords: | Triage Stage: Design Has patch: 0 | decision needed Needs tests: 0 | Needs documentation: 0 Easy pickings: 0 | Patch needs improvement: 0 | UI/UX: 0 -------------------------------------+------------------------------------- Changes (by garrison):
* cc: jim@… (added) Comment: I have always found {{{request.get_full_path()}}} to be less than useful when dealing with tricky corner cases. It doesn't escape anything itself, but if you escape its output, it also escapes the '{{{?}}}' used to assemble the path and the query string: {{{ >>> from django.http import HttpRequest >>> from django.utils.http import urlquote >>> request = HttpRequest() >>> request.path = '/' >>> request.META['QUERY_STRING'] = 'q=a' >>> request.get_full_path() '/?q=a' >>> urlquote(request.get_full_path()) u'/%3Fq%3Da' }}} In cases involving both query strings and unicode characters in urls, I have found that it is best simply to avoid {{{request.get_full_path()}}} altogether. Instead, in my own projects I [https://code.ductus.us/ticket/32#comment:3 have defined a method] called {{{request.get_escaped_full_path()}}} as follows: {{{ def get_escaped_full_path(self): return '%s%s' % (iri_to_uri(urlquote(self.path)), self.META.get('QUERY_STRING', '') and ('?' + iri_to_uri(self.META.get('QUERY_STRING', ''))) or '') }}} This turns out to be much more predictable (and useful). -- Ticket URL: <https://code.djangoproject.com/ticket/18456#comment:2> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com. To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-updates?hl=en.