Why does Django's `urlencode` not encode slash?

Question

I see that Django's urlencode filter doesn't encode slash by default:

https://docs.djangoproject.com/en/dev/ref/templates/builtins/?from=olddocs#urlencode

I know I can make it encode the slash, but why doesn't it do it by default? Isn't it accepted behavior to encode the slash, given that it's a reserved character in URLs?

Read this http://stackoverflow.com/questions/1957115/is-a-slash-equivalent-to-an-encoded-slash-2f-in-the-path-portion-of-a — catherine, Feb 06 '13 at 01:28

score 10 · Answer 1 · answered Feb 06 '13 at 04:52

From the Django source, urlencode is basically a wrapper around Django's urlquote utility method. From the comments in the source, urlquote is a UTF-8-safe version of urllib.quote.

So urlencode is using the same defaults as python's urllib.quote, and the reason that urllib.quote does not escape slashes can be found in the documentation:

Replace special characters in string using the %xx escape. Letters, digits, and the characters '_.-' are never quoted. By default, this function is intended for quoting the path section of the URL. The optional safe parameter specifies additional characters that should not be quoted — its default value is '/'.

So, the reason is that it's escaping the path, and '/' is a perfectly expected and valid character within a path.

score 2 · Answer 2 · answered Jul 03 '21 at 12:15

To get urlencode to also escape / in a Django template, use {{ variable|urlencode:'' }}.

Explanation: The extra optional parameter tells urlencode the set of characters that are "safe", where the default is '/', so passing an empty string is telling urlencode that / is not safe and should be encoded.

Why does Django's `urlencode` not encode slash?

2 Answers2