Skip to content

Don't escape plus signs in URLs (#621) #623

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nicholasserra merged 3 commits into from
Mar 19, 2025
Merged

Don't escape plus signs in URLs (#621) #623

nicholasserra merged 3 commits into from
Mar 19, 2025

Conversation

@Crozzers
Copy link
Contributor

@Crozzers Crozzers commented Mar 16, 2025

This PR fixes #621 by changing _html_escape_url to no longer escape + characters.

As pointed out in #621, + is a valid URL character, and therefore shouldn't be escaped in URLs.

I'm not sure exactly why they were being escaped in the first place, although it seems the first usage comes from 000343d as part of #230:

if safe_mode:
    escaped = quote_plus(attr).replace('+', ' ')

quote_plus replaces spaces with plus signs, and I'm guessing escapes some other characters too. They then go back and replace the plus signs with spaces again. Seems redundant and doesn't look like we need it

@nicholasserra
Copy link
Collaborator

nicholasserra commented Mar 19, 2025

Thanks!

@nicholasserra nicholasserra merged commit 1e00258 into trentm:master Mar 19, 2025
15 checks passed
mrtmm pushed a commit to mrtmm/xblock-markdown that referenced this pull request Aug 1, 2025
Update tests for URL handling in escape mode
3b953eb 
In version 2.5.4, markdown2 has added better handling for URLs
containing a "+" sign (trentm/python-markdown2#623)

Update our tests accordingly.
@mrtmm mrtmm mentioned this pull request Aug 1, 2025
Merged
mrtmm pushed a commit to mrtmm/xblock-markdown that referenced this pull request Aug 1, 2025
Update tests for URL handling in safe mode
87e5131 
In version 2.5.4, markdown2 has added better handling for URLs
containing a "+" sign (trentm/python-markdown2#623)

Update our tests accordingly.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

+ symbol should be escaped as %2B rather than <space>

2 participants

@Crozzers @nicholasserra