diff --git a/rest_framework/templatetags/rest_framework.py b/rest_framework/templatetags/rest_framework.py index f1825a24b..9b1f32197 100644 --- a/rest_framework/templatetags/rest_framework.py +++ b/rest_framework/templatetags/rest_framework.py @@ -198,7 +198,7 @@ def urlize_quoted_links(text, trim_url_limit=None, nofollow=True, autoescape=Tru trimmed = trim_url(middle) if autoescape and not safe_input: lead, trail = escape(lead), escape(trail) - url, trimmed = escape(url), escape(trimmed) + trimmed = escape(trimmed) middle = '%s' % (url, nofollow_attr, trimmed) words[i] = mark_safe('%s%s%s' % (lead, middle, trail)) else: diff --git a/tests/test_renderers.py b/tests/test_renderers.py index a8fd5f460..41072deac 100644 --- a/tests/test_renderers.py +++ b/tests/test_renderers.py @@ -101,6 +101,14 @@ class HTMLView1(APIView): def get(self, request, **kwargs): return Response('text') + +class HTMLView2(APIView): + renderer_classes = (BrowsableAPIRenderer, JSONRenderer) + + def get(self, request, **kwargs): + return Response({'url': 'http://domain.com/?param=Yes+%26+No'}) + + urlpatterns = patterns( '', url(r'^.*\.(?P.+)$', MockView.as_view(renderer_classes=[RendererA, RendererB])), @@ -111,6 +119,7 @@ urlpatterns = patterns( url(r'^parseerror$', MockPOSTView.as_view(renderer_classes=[JSONRenderer, BrowsableAPIRenderer])), url(r'^html$', HTMLView.as_view()), url(r'^html1$', HTMLView1.as_view()), + url(r'^html2$', HTMLView2.as_view()), url(r'^empty$', EmptyGETView.as_view()), url(r'^api', include('rest_framework.urls', namespace='rest_framework')) ) @@ -269,6 +278,16 @@ class RendererEndToEndTests(TestCase): self.assertContains(resp, '>application/json<') self.assertNotContains(resp, '>text/html; charset=utf-8<') + def test_browsable_api_urls(self): + """ + Issue #1649 + + Test that URLs have properly escaped GET parameters. + """ + resp = self.client.get('/html2') + # GET parameter should be escaped as Yes+%26+No, not Yes+&+No + self.assertEqual(resp.rendered_content.find('Yes+&+No'), -1) + _flat_repr = '{"foo":["bar","baz"]}' _indented_repr = '{\n "foo": [\n "bar",\n "baz"\n ]\n}'