You mean on the standard login form? The hidden "next" form value? That value isn't part of a URL so it isn't URL escaped. It's part of the HTML attribute value, so it is HTML attribute escaped.
On Sat, Apr 23, 2016 at 6:19 PM, Chris Seberino <cseberino@gmail.com> wrote:
But I still don't see why sometimes the slash is escaped then sometimes it isn't. I've seen both ways for query parameters.... The ugly Escape version shows up when I have handmade URLs but not when Django creates the next URL itself like for logging in
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/4301c013-2b27-427b-8f0e-d7e13bc13112%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAD4ANxW%3DraSpZ08KQ6EhA6hqELywfapV24x5%3Dz%3D9EGHgTtF%3DRA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment