开发者

is it convenient to urlencode all next parameters? - django

开发者 https://www.devze.com 2022-12-11 10:04 出处:网络
While writing code, it is pretty common to request a page with an appended \"next\" query string argument.

While writing code, it is pretty common to request a page with an appended "next" query string argument.

For instance, in the following template code next points back to the page the user is on:

<a href="{%url some_view%}?next={{request.get_full_path}}

Here I am following a convention: if next features something that I'm not in control of, such as search keywords a user has typed, I urlencode it. Otherwise I don't.

<a href="{%url some_view%}?next={{request.get_full_path|urlencode}}

Instead of judging for each next argument whether it would be user provided or not, would it be convenient if I urlencode all next strings? Will there be side effects I don'开发者_如何学JAVAt see at the moment?


To the best of my knowledge anything that's inside of a url should always be urlencoded.

The only gotcha is that you need to make sure to reverse the encoding when you read in the arguments. It's very possible that django already does this for you. I'd need to consult the documentation and/or code to confirm though.

0

精彩评论

暂无评论...
验证码 换一张
取 消