Ampersands in URLs are not escaped

jmcclell / django-bootstrap-pagination

Django template tag for rendering Page objects as Bootstrap pagination HTML

MIT License

212 stars 83 forks source link

Ampersands in URLs are not escaped #41

Closed wetneb closed 8 years ago

wetneb commented 8 years ago

The app does not escape ampersands in URLs, which produces the following invalid HTML:

<a title="Page 2 of 2" href="/foo?key=val&page=2">2</a>

It should be:

<a title="Page 2 of 2" href="/foo?key=val&amp;page=2">2</a>

jmcclell commented 8 years ago

Has this actually caused an issue for you? I don't claim to be a front end specialist and certainly would not disagree with the idea that we should adhere to standards as best as possible, but I've never once seen an actual issue with directly using an ampersand in an href. So, my question is more about curiosity than validity.

wetneb commented 8 years ago

Well, this only breaks my tests which check the validity of my HTML output. But you are right, it is otherwise very benign.

jmcclell commented 8 years ago

Give me a PR and I'll happily merge it in. Totally simple change and entirely valid, regardless of how benign it may otherwise be. :)

wetneb commented 8 years ago

Here it is: #45.