13

I see that Django's urlencode filter doesn't encode slash by default:

https://docs.djangoproject.com/en/dev/ref/templates/builtins/?from=olddocs#urlencode

I know I can make it encode the slash, but why doesn't it do it by default? Isn't it accepted behavior to encode the slash, given that it's a reserved character in URLs?

Ram Rachum
  • 84,019
  • 84
  • 236
  • 374

2 Answers2

10

From the Django source, urlencode is basically a wrapper around Django's urlquote utility method. From the comments in the source, urlquote is a UTF-8-safe version of urllib.quote.

So urlencode is using the same defaults as python's urllib.quote, and the reason that urllib.quote does not escape slashes can be found in the documentation:

Replace special characters in string using the %xx escape. Letters, digits, and the characters '_.-' are never quoted. By default, this function is intended for quoting the path section of the URL. The optional safe parameter specifies additional characters that should not be quoted — its default value is '/'.

So, the reason is that it's escaping the path, and '/' is a perfectly expected and valid character within a path.

hrunting
  • 3,857
  • 25
  • 23
2

To get urlencode to also escape / in a Django template, use {{ variable|urlencode:'' }}.

Explanation: The extra optional parameter tells urlencode the set of characters that are "safe", where the default is '/', so passing an empty string is telling urlencode that / is not safe and should be encoded.

Rok Strniša
  • 6,781
  • 6
  • 41
  • 53