Hi all,

currently the reversing mechanism for urls accepts a prefix-kwarg [1], 
which is not documented [2].

It seems like this prefix is used to prefix the entire generated url and 
make script_name possible, to which it defaults. It is not used in the 
entire code base except for tests which can directly test prefixes without 
going through set_script_name. So in basis: prefix is whatever 
get_script_name gives you.

What is curious about how Django handles it, is that it treats the prefix 
as possibly containing regular expressions [3]. Is there any history or 
documentation that this can be anything other than a valid path?

Removing that mechanism (it simplifies escaping the prefix, which was the 
original problem in #24013 [4] and a whole chain of previous tickets) 
unearths tests that don't actually test the correct thing, but overall it 
runs fine™. Since escaping the reversed url is sensitive security-wise, I 
would like a couple of eyes on it.

PR is here: https://github.com/django/django/pull/4272

Bas

[1]: 
https://docs.djangoproject.com/en/1.8/_modules/django/core/urlresolvers/#reverse
[2]: 
https://docs.djangoproject.com/en/1.8/ref/urlresolvers/#django.core.urlresolvers.reverse
[3]: 
https://github.com/django/django/blob/master/django/core/urlresolvers.py#L448
[4]: https://code.djangoproject.com/ticket/24013
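
Added example, not part of the original message and not Django's code: a simplified model of reversing with a script-name prefix, contrasting a prefix spliced unescaped into the regex and the %-format template with a prefix treated as a literal path. The route, the function names and the sample prefixes are constructed for illustration, and the prefix is assumed to arrive raw (not yet percent-encoded).

```python
import re
from urllib.parse import quote

# Hypothetical route (constructed): the regex that validates a reversed URL
# and the %-format template that builds it.
ROUTE_REGEX = r"items/(?P<pk>\d+)/$"
ROUTE_TEMPLATE = "items/%(pk)s/"


def reverse_prefix_as_pattern(prefix, **kwargs):
    """Prefix spliced in unescaped, so it is read as regex and format syntax."""
    candidate = (prefix + ROUTE_TEMPLATE) % kwargs
    if re.search("^" + prefix + ROUTE_REGEX, candidate):
        return candidate
    return None  # stands in for "no reverse match"


def reverse_prefix_as_literal(prefix, **kwargs):
    """Prefix is only ever a path: quote it once, then escape per consumer."""
    quoted = quote(prefix, safe="/")                 # URL-level encoding
    template = quoted.replace("%", "%%") + ROUTE_TEMPLATE  # %-format escaping
    candidate = template % kwargs
    # re.escape keeps '.', '(' and friends from acting as regex operators.
    if re.search("^" + re.escape(quoted) + ROUTE_REGEX, candidate):
        return candidate
    return None


if __name__ == "__main__":
    for prefix in ("/app/", "/app(1)/", "/50%/"):  # constructed script names
        try:
            as_pattern = reverse_prefix_as_pattern(prefix, pk=7)
        except ValueError as exc:  # stray '%' parsed as a format directive
            as_pattern = "ValueError: %s" % exc
        print(prefix, "| pattern:", as_pattern,
              "| literal:", reverse_prefix_as_literal(prefix, pk=7))
```
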
