From b5c98f686d8aa8f249aa0270f8ee0560482d9538 Mon Sep 17 00:00:00 2001
From: Tom Christie
Date: Mon, 3 Nov 2014 11:10:24 +0000
Subject: [PATCH] Properly escape URLs when replacing query parameter
---
 rest_framework/templatetags/rest_framework.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rest_framework/templatetags/rest_framework.py b/rest_framework/templatetags/rest_framework.py
index 864d64dd0..7c914ed65 100644
--- a/rest_framework/templatetags/rest_framework.py
+++ b/rest_framework/templatetags/rest_framework.py
@@ -22,7 +22,7 @@ def replace_query_param(url, key, val):
 query_dict = QueryDict(query).copy()
 query_dict[key] = val
 query = query_dict.urlencode()
- return urlparse.urlunsplit((scheme, netloc, path, query, fragment))
+ return escape(urlparse.urlunsplit((scheme, netloc, path, query, fragment)))
 
 
 # Regex for adding classes to html snippets
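Review bot: Wrapping the return of `replace_query_param` in `escape()` makes a general URL helper return HTML-escaped text, so any caller that uses the result outside an HTML template (for example a link placed in a JSON body or a `Location` header) would get `&amp;` between parameters; the callers are not visible in this hunk, so that needs checking. It would be safer to leave the helper returning the raw URL and escape at the rendering boundary, in the template tag that calls it, with `return escape(replace_query_param(url, key, val))`. If the escape stays here, add a docstring such as `"""Return url with key set to val, HTML-escaped for direct use in templates."""` so that nobody escapes the value a second time. The patch adds no import, so `escape` has to be in scope already, and the function's opening lines (where `scheme`, `query` and the rest are assigned) are outside the hunk. A regression test asserting that a quote or angle bracket in the URL comes back entity-encoded would pin the fix.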