Fix for row pages for tables with / in, closes #325

datasette/views/base.py

@@ -122,9 +122,16 @@ class BaseView(RenderMixin):
                 kwargs["table"] = table
                 if _format:
                     kwargs["as_format"] = ".{}".format(_format)
+            elif "table" in kwargs:
+                kwargs["table"] = urllib.parse.unquote_plus(
+                    kwargs["table"]
+                )
+
             should_redirect = "/{}-{}".format(name, expected)
             if "table" in kwargs:
-                should_redirect += "/" + urllib.parse.quote_plus(kwargs["table"])
+                should_redirect += "/" + urllib.parse.quote_plus(
+                    kwargs["table"]
+                )
             if "pk_path" in kwargs:
                 should_redirect += "/" + kwargs["pk_path"]
             if "as_format" in kwargs:
@@ -253,6 +260,10 @@ class BaseView(RenderMixin):
             _format = _format or _ext_format
             kwargs["table"] = table
             del kwargs["table_and_format"]
+        elif "table" in kwargs:
+            kwargs["table"] = urllib.parse.unquote_plus(
+                kwargs["table"]
+            )
 
         if _format == "csv":
             return await self.as_csv(request, name, hash, **kwargs)

datasette/views/table.py

@@ -806,7 +806,9 @@ class RowView(RowTableShared):
             select = "rowid, *"
             pks = ["rowid"]
         wheres = ['"{}"=:p{}'.format(pk, i) for i, pk in enumerate(pks)]
-        sql = 'select {} from "{}" where {}'.format(select, table, " AND ".join(wheres))
+        sql = 'select {} from {} where {}'.format(
+            select, escape_sqlite(table), " AND ".join(wheres)
+        )
         params = {}
         for i, pk_value in enumerate(pk_values):
             params["p{}".format(i)] = pk_value