url-encode programming language filter values

uttam282005 · uttam282005 · commit 2d7cedbd5f7a · 2026-03-06T14:28:02.000+05:30
Signed-off-by: uttam282005 &lt;uttam282005@gmail.com&gt;
diff --git a/scanpipe/templates/scanpipe/panels/scan_summary_panel.html b/scanpipe/templates/scanpipe/panels/scan_summary_panel.html
@@ -57,7 +57,7 @@
             {% for entry in scan_summary.primary_language %}
               {% if entry.value %}
                 <li>
-                  <a href="{% url 'project_resources' project.slug %}?programming_language={{ entry.value }}" target="_blank">
+                  <a href="{% url 'project_resources' project.slug %}?programming_language={{ entry.value|urlencode }}" target="_blank">
                   {{ entry.value }}
                   {% if entry.count %}
                     <span class="tag is-rounded">
@@ -123,7 +123,7 @@
           <ul>
             {% for entry in scan_summary.other_languages %}
               {% if entry.value %}
-                <a href="{% url 'project_resources' project.slug %}?programming_language={{ entry.value }}" target="_blank">
+                <a href="{% url 'project_resources' project.slug %}?programming_language={{ entry.value|urlencode }}" target="_blank">
                   <li>
                     {{ entry.value }}
                     {% if entry.count %}
@@ -163,4 +163,4 @@
       </tr>
     </table>
   </div>
-</article>
+</article>
diff --git a/scanpipe/templates/scanpipe/project_charts.html b/scanpipe/templates/scanpipe/project_charts.html
@@ -152,7 +152,7 @@ <h3 class="title is-4 has-text-centered mb-3">
               // Keep in sync with FilterSetUtilsMixin.(empty_value|other_value)
               if (name === "(No value detected)") name = "_EMPTY_";
               if (name === "Other") name = "_OTHER_";
-              let full_url = `${base_url}?${field}=${name}`;
+              let full_url = `${base_url}?${field}=${${encodeURIComponent(name)}`;
               if (in_package) full_url += `&in_package=${in_package}`;
               if (event.ctrlKey || event.metaKey) window.open(full_url, '_blank');
               else window.location.href = full_url;
@@ -182,4 +182,4 @@ <h3 class="title is-4 has-text-centered mb-3">
       makeChart("file_compliance_alert", "#compliance_alert_chart", "Resource\nCompliance\nAlert");
     {% endif %}
   </script>
-{% endblock %}
+{% endblock %}
diff --git a/scanpipe/tests/test_api.py b/scanpipe/tests/test_api.py
@@ -788,6 +788,18 @@ def test_scanpipe_api_project_action_resources_filterset(self):
         response = self.csrf_client.get(url + "?slug=aaa")
         self.assertEqual(2, response.data["count"])
 
+    def test_scanpipe_api_project_action_resources_filterset_special_chars(self):
+        make_resource_file(
+            self.project1,
+            path="csharp_file.cs",
+            programming_language="C#",
+        )
+        url = reverse("project-resources", args=[self.project1.uuid])
+        response = self.csrf_client.get(url + "?programming_language=C%23")
+        self.assertEqual(1, response.data["count"])
+        self.assertEqual("csharp_file.cs", response.data["results"][0]["path"])
+        self.assertEqual("C#", response.data["results"][0]["programming_language"])
+
     def test_scanpipe_api_project_action_packages(self):
         url = reverse("project-packages", args=[self.project1.uuid])
         response = self.csrf_client.get(url)
