Proper escaping of URLs when replacing query parameter

2025-07-23 06:29:58 +03:00 · 2014-11-03 11:06:45 +00:00 · 2014-11-03 11:06:45 +00:00 · 56d054e634
commit 56d054e634
parent 1ef4e6b7a8
1 changed files with 1 additions and 1 deletions
--- a/rest_framework/templatetags/rest_framework.py
+++ b/rest_framework/templatetags/rest_framework.py
@ -23,7 +23,7 @@ def replace_query_param(url, key, val):
    query_dict = QueryDict(query).copy()
    query_dict[key] = val
    query = query_dict.urlencode()
-    return urlparse.urlunsplit((scheme, netloc, path, query, fragment))
+    return escape(urlparse.urlunsplit((scheme, netloc, path, query, fragment)))


 # Regex for adding classes to html snippets