Nir Soffer <nir...@gmail.com> added the comment: Senthil said: > The way to handle this issue would be add these characters > '%/:=&?~#+!$,;'@()*[]' to always_safe list.
This is wrong - for example, '&=?' are NOT safe when quoting parameters for query string. This will break exiting code that assume the default safe parameters. Other characters may be unsafe in other parts of the url - I did not check which - and I don't have time to check. The current default (safe='/') is the best option - it will work correctly in most case, and in the worst is escaping some characters which are safe in particular use case. Since only the user know the context, the user should add safe characters to the function. If you don't specify anything, the function should be safe as possible for the worst use case. If you want to add characters to the default safe list, you have to make sure that the function will not break for common use cases. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue2637> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
