Malformed XML render when href includes forbidden URI/URL chars

[JCallicoat]

Specifically, when you do a ?where={...} query with page=n and accept:text/xml request header, when n is greater than the results, you get a link to the previous page including the "?where" query, unquoted. In that case, you get an XML parsing exception due to the link href including literal {.

#!/usr/bin env python
import requests
from xml.dom.minidom import parseString

headers = {'accept': 'text/xml'}
bad_link = 'http://eve-demo.herokuapp.com/people/' \
           '?where={"lastname":"Doe"}&page=2'

# xml.parsers.expat.ExpatError: not well-formed (invalid token)
parseString(requests.get(bad_link, headers=headers).text)

Instead of xml.sax.saxutils.escape, you probably want urllib.quote to quote the hrefs.

[nicolaiarocci]

Good catch! Would you please repost this on the eve repo where it belongs? Thanks!

[JCallicoat]

Whoops! Meant to file it over there! Done.

[nicolaiarocci]

https://github.com/nicolaiarocci/eve/issues/99