From a5fc65b46e524725f73a24405b8d2f38afedc3d4 Mon Sep 17 00:00:00 2001 From: Gary Wilson Jr Date: Sun, 3 Jan 2010 18:06:27 +0000 Subject: [PATCH] Fixed #12445 -- Added ' (single quote), @ (at sign), and ~ (tilde) to safe characters in `iri_to_uri` function. git-svn-id: http://code.djangoproject.com/svn/django/trunk@12066 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/utils/encoding.py | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/django/utils/encoding.py b/django/utils/encoding.py index 335f1a1551..66e6ebdd76 100644 --- a/django/utils/encoding.py +++ b/django/utils/encoding.py @@ -131,12 +131,21 @@ def iri_to_uri(iri): Returns an ASCII string containing the encoded result. """ - # The list of safe characters here is constructed from the printable ASCII - # characters that are not explicitly excluded by the list at the end of - # section 3.1 of RFC 3987. + # The list of safe characters here is constructed from the "reserved" and + # "unreserved" characters specified in sections 2.2 and 2.3 of RFC 3986: + # reserved = gen-delims / sub-delims + # gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@" + # sub-delims = "!" / "$" / "&" / "'" / "(" / ")" + # / "*" / "+" / "," / ";" / "=" + # unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" + # Of the unreserved characters, urllib.quote already considers all but + # the ~ safe. + # The % character is also added to the list of safe characters here, as the + # end of section 3.1 of RFC 3987 specifically mentions that % must not be + # converted. if iri is None: return iri - return urllib.quote(smart_str(iri), safe='/#%[]=:;$&()+,!?*') + return urllib.quote(smart_str(iri), safe="/#%[]=:;$&()+,!?*@'~") # The encoding of the default system locale but falls back to the