[issue2637] urllib.quote() escapes characters unnecessarily and contrary to docs
Nir Soffer
report at bugs.python.org
Sun Aug 9 17:40:47 CEST 2009
Nir Soffer <nirsof at gmail.com> added the comment:
Senthil said:
> The way to handle this issue would be add these characters
> '%/:=&?~#+!$,;'@()*[]' to always_safe list.
This is wrong - for example, '&=?' are NOT safe when quoting parameters
for query string. This will break exiting code that assume the default
safe parameters.
Other characters may be unsafe in other parts of the url - I did not
check which - and I don't have time to check. The current default
(safe='/') is the best option - it will work correctly in most case, and
in the worst is escaping some characters which are safe in particular
use case.
Since only the user know the context, the user should add safe
characters to the function. If you don't specify anything, the function
should be safe as possible for the worst use case.
If you want to add characters to the default safe list, you have to make
sure that the function will not break for common use cases.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue2637>
_______________________________________
More information about the Python-bugs-list
mailing list