diff options
-rw-r--r-- | CHANGES | 2 | ||||
-rw-r--r-- | jinja2/filters.py | 3 | ||||
-rw-r--r-- | jinja2/utils.py | 8 |
3 files changed, 10 insertions, 3 deletions
@@ -31,6 +31,8 @@ Version 2.8 (`code_generator_class` and `context_class`) (pull request ``#404``). - added support for context/environment/evalctx decorator functions on the finalize callback of the environment. +- escape query strings for urlencode properly. Previously slashes were not + escaped in that place. Version 2.7.3 ------------- diff --git a/jinja2/filters.py b/jinja2/filters.py index 0fb5a5aa..4b444852 100644 --- a/jinja2/filters.py +++ b/jinja2/filters.py @@ -94,7 +94,8 @@ def do_urlencode(value): if itemiter is None: return unicode_urlencode(value) return u'&'.join(unicode_urlencode(k) + '=' + - unicode_urlencode(v) for k, v in itemiter) + unicode_urlencode(v, for_qs=True) + for k, v in itemiter) @evalcontextfilter diff --git a/jinja2/utils.py b/jinja2/utils.py index e12255f2..cdd4cd3a 100644 --- a/jinja2/utils.py +++ b/jinja2/utils.py @@ -283,7 +283,7 @@ def generate_lorem_ipsum(n=5, html=True, min=20, max=100): return Markup(u'\n'.join(u'<p>%s</p>' % escape(x) for x in result)) -def unicode_urlencode(obj, charset='utf-8'): +def unicode_urlencode(obj, charset='utf-8', for_qs=False): """URL escapes a single bytestring or unicode string with the given charset if applicable to URL safe quoting under all rules that need to be considered under all supported Python versions. @@ -295,7 +295,11 @@ def unicode_urlencode(obj, charset='utf-8'): obj = text_type(obj) if isinstance(obj, text_type): obj = obj.encode(charset) - return text_type(url_quote(obj)) + safe = for_qs and b'' or b'/' + rv = text_type(url_quote(obj, safe)) + if for_qs: + rv = rv.replace('%20', '+') + return rv class LRUCache(object): |