Fixed #9655 -- Prevented the urlize template filter from double-quoting URLs. Thanks Claude Paroz for writing the tests.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17347 bcc190cf-cafb-0310-a4f2-bffc1f526a37
author: Aymeric Augustin <aymeric.augustin@m4x.org> 2012-01-07 18:15:28 +0000
committer: Aymeric Augustin <aymeric.augustin@m4x.org> 2012-01-07 18:15:28 +0000
commit: e3a7bfccbb83712caf0645e4e33f5c03d9dc462b (patch)
tree: 586ed337ed7ead1568522a96bea303afa9845b32 /docs/releases/1.4.txt
parent: c3697a091b7ff0d19f13821b18516ec8eaa1b8f8 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/releases/1.4.txt b/docs/releases/1.4.txt
index de7afc83c3..9f9ce7fb59 100644
--- a/docs/releases/1.4.txt
+++ b/docs/releases/1.4.txt
@@ -1044,6 +1044,15 @@ Now, the flags are keyword arguments of :meth:`@register.filter
 
 See :ref:`filters and auto-escaping <filters-auto-escaping>` for more information.
 
+The :tfilter:`urlize` filter no longer escapes every URL
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+When an URL contains a ``%xx`` sequence, where ``xx`` are two hexadecimal
+digits, :tfilter:`urlize` assumes that the URL is already escaped, and doesn't
+apply URL escaping again. This is wrong for URLs whose unquoted form contains
+a ``%xx`` sequence, but such URLs are very unlikely to happen in the wild,
+since they would confuse browsers too.
+
 Session cookies now have the ``httponly`` flag by default
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
author	Aymeric Augustin <aymeric.augustin@m4x.org>	2012-01-07 18:15:28 +0000
committer	Aymeric Augustin <aymeric.augustin@m4x.org>	2012-01-07 18:15:28 +0000
commit	e3a7bfccbb83712caf0645e4e33f5c03d9dc462b (patch)
tree	586ed337ed7ead1568522a96bea303afa9845b32 /docs/releases/1.4.txt
parent	c3697a091b7ff0d19f13821b18516ec8eaa1b8f8 (diff)