summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLuke Plant <L.Plant.98@cantab.net>2010-09-13 23:01:34 +0000
committerLuke Plant <L.Plant.98@cantab.net>2010-09-13 23:01:34 +0000
commit6fb4f6e2996cf442b614a073f30839419d9db030 (patch)
tree4b7973cb9ae8aecd4b589220ac93a5eb1db6e662
parent76366aab18a0308f1465feb6236bff9e2907e570 (diff)
Fixed #13765 - 'safe' parameter for urlencode filter
Thanks to KyleMac for the suggestion and SmileyChris for the patch git-svn-id: http://code.djangoproject.com/svn/django/trunk@13849 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/template/defaultfilters.py16
-rw-r--r--django/utils/http.py4
-rw-r--r--docs/ref/templates/builtins.txt13
-rw-r--r--tests/regressiontests/templates/filters.py4
4 files changed, 32 insertions, 5 deletions
diff --git a/django/template/defaultfilters.py b/django/template/defaultfilters.py
index b0b094bb70..1500a05ab3 100644
--- a/django/template/defaultfilters.py
+++ b/django/template/defaultfilters.py
@@ -291,10 +291,20 @@ def upper(value):
upper.is_safe = False
upper = stringfilter(upper)
-def urlencode(value):
- """Escapes a value for use in a URL."""
+def urlencode(value, safe=None):
+ """
+ Escapes a value for use in a URL.
+
+ Takes an optional ``safe`` parameter used to determine the characters which
+ should not be escaped by Django's ``urlquote`` method. If not provided, the
+ default safe characters will be used (but an empty string can be provided
+ when *all* characters should be escaped).
+ """
from django.utils.http import urlquote
- return urlquote(value)
+ kwargs = {}
+ if safe is not None:
+ kwargs['safe'] = safe
+ return urlquote(value, **kwargs)
urlencode.is_safe = False
urlencode = stringfilter(urlencode)
diff --git a/django/utils/http.py b/django/utils/http.py
index f0b1af9c58..610fcbf685 100644
--- a/django/utils/http.py
+++ b/django/utils/http.py
@@ -14,7 +14,7 @@ def urlquote(url, safe='/'):
can safely be used as part of an argument to a subsequent iri_to_uri() call
without double-quoting occurring.
"""
- return force_unicode(urllib.quote(smart_str(url), safe))
+ return force_unicode(urllib.quote(smart_str(url), smart_str(safe)))
urlquote = allow_lazy(urlquote, unicode)
@@ -25,7 +25,7 @@ def urlquote_plus(url, safe=''):
returned string can safely be used as part of an argument to a subsequent
iri_to_uri() call without double-quoting occurring.
"""
- return force_unicode(urllib.quote_plus(smart_str(url), safe))
+ return force_unicode(urllib.quote_plus(smart_str(url), smart_str(safe)))
urlquote_plus = allow_lazy(urlquote_plus, unicode)
def urlencode(query, doseq=0):
diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt
index 4f33bd212c..85c0b6dc26 100644
--- a/docs/ref/templates/builtins.txt
+++ b/docs/ref/templates/builtins.txt
@@ -1967,6 +1967,19 @@ For example::
If ``value`` is ``"http://www.example.org/foo?a=b&c=d"``, the output will be
``"http%3A//www.example.org/foo%3Fa%3Db%26c%3Dd"``.
+.. versionadded:: 1.1
+
+An optional argument containing the characters which should not be escaped can
+be provided.
+
+If not provided, the '/' character is assumed safe. An empty string can be
+provided when *all* characters should be escaped. For example::
+
+ {{ value|urlencode:"" }}
+
+If ``value`` is ``"http://www.example.org/"``, the output will be
+``"http%3A%2F%2Fwww.example.org%2F"``.
+
.. templatefilter:: urlize
urlize
diff --git a/tests/regressiontests/templates/filters.py b/tests/regressiontests/templates/filters.py
index af34c58a9f..9ada4fb26e 100644
--- a/tests/regressiontests/templates/filters.py
+++ b/tests/regressiontests/templates/filters.py
@@ -265,6 +265,10 @@ def get_filter_tests():
'filter-iriencode03': ('{{ url|iriencode }}', {'url': mark_safe('?test=1&me=2')}, '?test=1&me=2'),
'filter-iriencode04': ('{% autoescape off %}{{ url|iriencode }}{% endautoescape %}', {'url': mark_safe('?test=1&me=2')}, '?test=1&me=2'),
+ # urlencode
+ 'filter-urlencode01': ('{{ url|urlencode }}', {'url': '/test&"/me?/'}, '/test%26%22/me%3F/'),
+ 'filter-urlencode02': ('/test/{{ urlbit|urlencode:"" }}/', {'urlbit': 'escape/slash'}, '/test/escape%2Fslash/'),
+
# Chaining a bunch of safeness-preserving filters should not alter
# the safe status either way.
'chaining01': ('{{ a|capfirst|center:"7" }}.{{ b|capfirst|center:"7" }}', {"a": "a < b", "b": mark_safe("a < b")}, " A &lt; b . A < b "),