Escape slashes in query strings. This fixes #445
diff --git a/jinja2/utils.py b/jinja2/utils.py
index e12255f..cdd4cd3 100644
--- a/jinja2/utils.py
+++ b/jinja2/utils.py
@@ -283,7 +283,7 @@
return Markup(u'\n'.join(u'<p>%s</p>' % escape(x) for x in result))
-def unicode_urlencode(obj, charset='utf-8'):
+def unicode_urlencode(obj, charset='utf-8', for_qs=False):
"""URL escapes a single bytestring or unicode string with the
given charset if applicable to URL safe quoting under all rules
that need to be considered under all supported Python versions.
@@ -295,7 +295,11 @@
obj = text_type(obj)
if isinstance(obj, text_type):
obj = obj.encode(charset)
- return text_type(url_quote(obj))
+ safe = for_qs and b'' or b'/'
+ rv = text_type(url_quote(obj, safe))
+ if for_qs:
+ rv = rv.replace('%20', '+')
+ return rv
class LRUCache(object):