In the ref() function in swagger.py, model.name is formatted into an internal $ref without first ensuring URI compliance. Here's how the function looks right now:
```python
from flask_restplus.model import ModelBase  # assumed import; swagger.py gets ModelBase from this module


def ref(model):
    '''Return a reference to model in definitions'''
    name = model.name if isinstance(model, ModelBase) else model
    # The name is dropped straight into the fragment with no escaping
    return {'$ref': '#/definitions/{0}'.format(name)}
```
Nor is the model name sanitized when the instance is constructed. The name variable falls back on the string representation of model if model.name evaluates to False, which is less likely to produce non-conforming strings, but it's still possible. This violates the JSON Reference spec and can create problems in swagger-ui where references do not resolve properly. It's easy to break some things in the front end just by providing a name that has slashes. It's easily fixed though. Here's my suggestion for a quick fix:
```python
try:
    from urllib.parse import quote  # Python 3
except ImportError:
    from urllib import quote  # Python 2

from flask_restplus.model import ModelBase  # assumed import; swagger.py gets ModelBase from this module


def ref(model):
    '''Return a reference to model in definitions'''
    name = model.name if isinstance(model, ModelBase) else model
    # safe='' so that '/' and other reserved characters are percent-encoded too
    return {'$ref': '#/definitions/{0}'.format(quote(name, safe=''))}
```
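As an added example (not code from the issue or from flask-restplus), the block below resolves a locally generated `$ref` the way a strict JSON Reference consumer does: percent-decode the URI fragment, then walk it as an RFC 6901 JSON Pointer. It goes beyond the quick fix above by also escaping `/` and `~` inside the pointer token, because a slash that is only percent-encoded becomes a path separator again once the fragment is decoded; the sample document and model names are constructed.

```python
# Added example: build a local $ref for a model name and resolve it per
# JSON Reference (RFC 3986 fragment decoding + RFC 6901 JSON Pointer).
from urllib.parse import quote, unquote


def escape_pointer_token(token):
    """RFC 6901: '~' becomes '~0' and '/' becomes '~1' inside one token."""
    return token.replace('~', '~0').replace('/', '~1')


def unescape_pointer_token(token):
    """Inverse of escape_pointer_token ('~1' must be handled before '~0')."""
    return token.replace('~1', '/').replace('~0', '~')


def ref_raw(name):
    """The unsanitized form discussed in the issue: name dropped straight in."""
    return {'$ref': '#/definitions/{0}'.format(name)}


def ref_quoted(name):
    """The issue's quick fix: percent-encode the name only."""
    return {'$ref': '#/definitions/{0}'.format(quote(name, safe=''))}


def ref_encoded(name):
    """Pointer-escape the token first, then percent-encode it for the fragment."""
    token = quote(escape_pointer_token(name), safe='')
    return {'$ref': '#/definitions/{0}'.format(token)}


def resolve(ref, document):
    """Resolve a local '#/...' reference against document; None if it fails."""
    fragment = ref['$ref']
    if not fragment.startswith('#/'):
        return None
    pointer = unquote(fragment[1:])        # '#/definitions/x' -> '/definitions/x'
    node = document
    for token in pointer.split('/')[1:]:   # skip the empty token before the first '/'
        key = unescape_pointer_token(token)
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


# Constructed sample spec whose model name contains a slash.
SPEC = {'definitions': {'foo/bar': {'type': 'object'}}}

if __name__ == '__main__':
    print(resolve(ref_raw('foo/bar'), SPEC))       # None: the slash splits the pointer
    print(resolve(ref_quoted('foo/bar'), SPEC))    # None: decoded fragment splits too
    print(resolve(ref_encoded('foo/bar'), SPEC))   # {'type': 'object'}
```

Names without reserved characters resolve identically under all three forms, so the extra escaping only changes references that were already broken.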
flayman pushed a commit to flayman/flask-restplus that referenced this issue on Jun 13, 2019.