== Why is this an issue?

include::../rationale.adoc[]

include::../impact.adoc[]

== How to fix it

=== Code examples

include::../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,python,diff-id=1,diff-type=noncompliant]
----
from flask import request
from urllib.request import urlopen

@app.route('/example')
def example():
    id = request.args["user"]
    urlopen("http://example.com/api/user/" + id).read() # Noncompliant
----

==== Compliant solution

[source,python,diff-id=1,diff-type=compliant]
----
from flask import request
from urllib.request import urlopen
from urllib.parse import quote

@app.route('/example')
def example():
    id = request.args["user"]
    urlopen("http://example.com/api/user/?u=" + quote(id)).read()
----

=== How does this work?

include::../common/fix/encoding.adoc[]

== Resources

include::../common/resources/standards.adoc[]