Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix quoting in uri_to_iri and iri_to_uri #1433

merged 3 commits into from Jan 12, 2019
Changes from all commits
File filter...
Filter file types
Jump to…
Jump to file or symbol
Failed to load files and symbols.


Just for now

@@ -132,6 +132,7 @@ Unreleased
- Intermediate response bodies are iterated over even when
``buffered=False`` to ensure iterator middleware can run cleanup
code safely. Only the last response is not buffered. (`#988`_)

- :class:`test.EnvironBuilder` and :class:`test.Client` take a
``json`` argument instead of manually passing ``data`` and
``content_type``. This is serialized using the
@@ -199,6 +200,10 @@ Unreleased
incorrectly classify some frames. (`#1421`_)
- Clicking the error message at the top of the interactive debugger
will jump down to the bottom of the traceback. (`#1422`_)
- :meth:`~urls.uri_to_iri` does not unquote ASCII characters in the
unreserved class, such as space, and leaves invalid bytes quoted
when decoding. :meth:`~iri_to_uri` does not quote reserved
characters. See :rfc:`3987` for these character classes. (`#1433`_)

.. _#4:
.. _`#209`:
@@ -264,6 +269,7 @@ Unreleased
.. _#1420:
.. _#1421:
.. _#1422:
.. _#1433:
Version 0.14.1
@@ -407,3 +407,11 @@ def test_uri_iri_normalization():
assert urls.iri_to_uri(urls.uri_to_iri(test)) == uri
assert urls.uri_to_iri(urls.uri_to_iri(test)) == iri
assert urls.iri_to_uri(urls.iri_to_uri(test)) == uri

def test_uri_to_iri_dont_unquote_space():
assert urls.uri_to_iri("abc%20def") == "abc%20def"

def test_iri_to_uri_dont_quote_reserved():
assert urls.iri_to_uri("/path[bracket]?(paren)") == "/path[bracket]?(paren)"
@@ -349,11 +349,18 @@ def test_get_host_fallback():

def test_get_current_url_unicode():
env = create_environ(query_string=u"foo=bar&baz=blah&meh=\xcf")
rv = wsgi.get_current_url(env)
strict_eq(rv, u"http://localhost/?foo=bar&baz=blah&meh=\xcf")

def test_get_current_url_invalid_utf8():
env = create_environ()
env['QUERY_STRING'] = 'foo=bar&baz=blah&meh=\xcf'
# set the query string *after* wsgi dance, so \xcf is invalid
env["QUERY_STRING"] = "foo=bar&baz=blah&meh=\xcf"
rv = wsgi.get_current_url(env)
# it remains percent-encoded
strict_eq(rv, u"http://localhost/?foo=bar&baz=blah&meh=%CF")

def test_multi_part_line_breaks():
@@ -107,7 +107,7 @@
from pprint import pformat
from threading import Lock

from werkzeug.urls import url_encode, url_quote, url_join, fast_url_quote
from werkzeug.urls import url_encode, url_quote, url_join, _fast_url_quote
from werkzeug.utils import redirect, format_string
from werkzeug.exceptions import HTTPException, NotFound, MethodNotAllowed, \
@@ -1230,7 +1230,7 @@ def to_python(self, value):
return value

def to_url(self, value):
return fast_url_quote(text_type(value).encode(
return _fast_url_quote(text_type(value).encode(

class UnicodeConverter(BaseConverter):
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.