I wasn't expressing an opinion either way; just adding the relevant commit to the conversation.
Looks like RFC 3986 is the relevant RFC describing the permitted characters in URIs, specifically section 2.2 and 2.3 - http://tools.ietf.org/html/rfc3986#section-2.2 It seems like the fix makes it easier for 90% of the uses, but explicitly blocks the other 10% (i.e. uses involving the use of 'reserved' characters as permitted by the RFC). The relevant django-developers discussion is here - https://groups.google.com/forum/#!searchin/django-developers/13260/django-developers/Gofq5y40mYA/v_4yjrBItWkJ The final post addresses this issue, but doesn't seem to have been taken into account when the patch was accepted. On 2 March 2014 12:28, Erik van Zijst <[email protected]> wrote: > On Sat, Mar 1, 2014 at 2:41 PM, Sam Lai <[email protected]> wrote: >> The relevant commit and issue - >> >> https://github.com/django/django/commit/31b5275235bac150a54059db0288a19b9e0516c7 >> https://code.djangoproject.com/ticket/13260 > > Yes I saw that, but I'm confused. I thought these characters are > allowed unescaped in path segments. > > >> On 1 March 2014 17:26, Erik van Zijst <[email protected]> wrote: >>> Django's django.core.urlresolvers.reverse() seems to have changed its >>> behavior in 1.6. It now runs the arguments through quote(), without >>> specifying the safe characters for path components. As a result: >>> >>> on 1.4.10: >>> In [2]: reverse('test', args=['foo:bar']) >>> Out[2]: '/foo:bar' >>> >>> but on 1.6.2: >>> In [2]: reverse('test', args=['foo:bar']) >>> Out[2]: '/foo%3Abar' >>> >>> It would seem to me that this is a regression, as ":@-._~!$&'()*+,;=" are >>> all allowed unescaped in path segments AFAIK. >>> >>> Cheers, >>> Erik >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Django developers" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected]. >>> To post to this group, send email to [email protected]. >>> Visit this group at http://groups.google.com/group/django-developers. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/django-developers/064ba557-a722-484f-93bf-423048b51b14%40googlegroups.com. >>> For more options, visit https://groups.google.com/groups/opt_out. >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Django developers" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/django-developers/ZLGk7T4mJuw/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at http://groups.google.com/group/django-developers. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-developers/CABxbXqXKhcKFPS8ufmYDGmgHU_QjBuFUb%3DaFXk3FROJyzAJw5A%40mail.gmail.com. >> For more options, visit https://groups.google.com/groups/opt_out. > > -- > You received this message because you are subscribed to the Google Groups > "Django developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/django-developers. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/CA%2B69USsj%2BuWHJJfw7-Fr8SFq34Xq0TLThR3Bq2t3r66K9oAFrw%40mail.gmail.com. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CABxbXqU903Ry9x04%2Bu%2B%2BVaQKnrHH2e1mLwXkjr2YenhYku%2Bsng%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
