Properly escape URLs when replacing query parameter

author: Tom Christie 2014-11-03 11:10:24 +0000
committer: Tom Christie 2014-11-03 11:10:24 +0000
commit: b5c98f686d8aa8f249aa0270f8ee0560482d9538 (patch)
tree: c04f6426e7e719a306ebe45dd44c6ef8782d9d60
parent: 65a0d083d63d4f22a2e985a847284ad4f4a3d572 (diff)
download: django-rest-framework-b5c98f686d8aa8f249aa0270f8ee0560482d9538.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/rest_framework/templatetags/rest_framework.py b/rest_framework/templatetags/rest_framework.py
index 864d64dd..7c914ed6 100644
--- a/rest_framework/templatetags/rest_framework.py
+++ b/rest_framework/templatetags/rest_framework.py
@@ -22,7 +22,7 @@ def replace_query_param(url, key, val):
     query_dict = QueryDict(query).copy()
     query_dict[key] = val
     query = query_dict.urlencode()
-    return urlparse.urlunsplit((scheme, netloc, path, query, fragment))
+    return escape(urlparse.urlunsplit((scheme, netloc, path, query, fragment)))
 
 
 # Regex for adding classes to html snippets
author	Tom Christie	2014-11-03 11:10:24 +0000
committer	Tom Christie	2014-11-03 11:10:24 +0000
commit	b5c98f686d8aa8f249aa0270f8ee0560482d9538 (patch)
tree	c04f6426e7e719a306ebe45dd44c6ef8782d9d60
parent	65a0d083d63d4f22a2e985a847284ad4f4a3d572 (diff)
download	django-rest-framework-b5c98f686d8aa8f249aa0270f8ee0560482d9538.tar.bz2