From e3a7bfccbb83712caf0645e4e33f5c03d9dc462b Mon Sep 17 00:00:00 2001 From: Aymeric Augustin Date: Sat, 7 Jan 2012 18:15:28 +0000 Subject: Fixed #9655 -- Prevented the urlize template filter from double-quoting URLs. Thanks Claude Paroz for writing the tests. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17347 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- docs/releases/1.4.txt | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'docs') diff --git a/docs/releases/1.4.txt b/docs/releases/1.4.txt index de7afc83c3..9f9ce7fb59 100644 --- a/docs/releases/1.4.txt +++ b/docs/releases/1.4.txt @@ -1044,6 +1044,15 @@ Now, the flags are keyword arguments of :meth:`@register.filter See :ref:`filters and auto-escaping ` for more information. +The :tfilter:`urlize` filter no longer escapes every URL +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +When an URL contains a ``%xx`` sequence, where ``xx`` are two hexadecimal +digits, :tfilter:`urlize` assumes that the URL is already escaped, and doesn't +apply URL escaping again. This is wrong for URLs whose unquoted form contains +a ``%xx`` sequence, but such URLs are very unlikely to happen in the wild, +since they would confuse browsers too. + Session cookies now have the ``httponly`` flag by default ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.3