This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author nirs
Recipients ajaksu2, ezio.melotti, georg.brandl, nirs, orsenthil, rwanderley, thomaspinckney3, tlesher
Date 2009-08-09.15:40:44
SpamBayes Score 1.539896e-11
Marked as misclassified No
Message-id <1249832447.09.0.00189511447167.issue2637@psf.upfronthosting.co.za>
In-reply-to
Content 
Senthil said:
> The way to handle this issue would be add these characters 
> '%/:=&?~#+!$,;'@()*[]' to always_safe list.

This is wrong - for example, '&=?' are NOT safe when quoting parameters
for query string. This will break exiting code that assume the default
safe parameters.

Other characters may be unsafe in other parts of the url - I did not
check which - and I don't have time to check. The current default
(safe='/') is the best option - it will work correctly in most case, and
in the worst is escaping some characters which are safe in particular
use case.

Since only the user know the context, the user should add safe
characters to the function. If you don't specify anything, the function
should be safe as possible for the worst use case.

If you want to add characters to the default safe list, you have to make
sure that the function will not break for common use cases.
History
Date User Action Args
2009-08-09 15:40:47nirssetrecipients: + nirs, georg.brandl, orsenthil, ajaksu2, tlesher, ezio.melotti, thomaspinckney3, rwanderley
2009-08-09 15:40:47nirssetmessageid: <1249832447.09.0.00189511447167.issue2637@psf.upfronthosting.co.za>
2009-08-09 15:40:45nirslinkissue2637 messages
2009-08-09 15:40:44nirscreate