Proper escaping of URLs when replacing query parameter

author: Tom Christie 2014-11-03 11:06:45 +0000
committer: Tom Christie 2014-11-03 11:06:45 +0000
commit: 56d054e6348a7806dd2591562d7738f1aa0bb002 (patch)
tree: 278ac165f849df33e6dafbf9df1a4f79aacaf8ce
parent: 1ef4e6b7a84f358ca1509552f535eb0c65e69aee (diff)
download: django-rest-framework-56d054e6348a7806dd2591562d7738f1aa0bb002.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/rest_framework/templatetags/rest_framework.py b/rest_framework/templatetags/rest_framework.py
index d9424f02..7251f071 100644
--- a/rest_framework/templatetags/rest_framework.py
+++ b/rest_framework/templatetags/rest_framework.py
@@ -23,7 +23,7 @@ def replace_query_param(url, key, val):
     query_dict = QueryDict(query).copy()
     query_dict[key] = val
     query = query_dict.urlencode()
-    return urlparse.urlunsplit((scheme, netloc, path, query, fragment))
+    return escape(urlparse.urlunsplit((scheme, netloc, path, query, fragment)))
 
 
 # Regex for adding classes to html snippets
author	Tom Christie	2014-11-03 11:06:45 +0000
committer	Tom Christie	2014-11-03 11:06:45 +0000
commit	56d054e6348a7806dd2591562d7738f1aa0bb002 (patch)
tree	278ac165f849df33e6dafbf9df1a4f79aacaf8ce
parent	1ef4e6b7a84f358ca1509552f535eb0c65e69aee (diff)
download	django-rest-framework-56d054e6348a7806dd2591562d7738f1aa0bb002.tar.bz2