Flask graphql query with '&' returns 'Syntax Error GraphQL'

Question

I have a very simple flask graphql app and everything work as I aspect, I can call it from my browser and it returns the given data.

But if I send a string which contains '&' I always get the message "Syntax Error GraphQL (1:22) Unterminated string \n\n1: (...) \n ^\n"

The browser split the given string treated it as parameter.

Is there any workaround to handle this?

#!/usr/bin/env python3
import flask
import flask_graphql
import graphene

app = flask.Flask('graphql-test')

class Query(graphene.ObjectType):
    helloz = graphene.String(text=graphene.String())

    def resolve_helloz(self, info, text):
        return text

@app.route('/')
def index():
    # Create graphql view with the authentication passed as context
    return flask_graphql.GraphQLView.as_view(
            'index', 
            schema=graphene.Schema(query=Query), 
            graphiql=False
        )()

if __name__ == '__main__':
    # Run application
    app.run(host='127.0.0.1', port='8001')

Answer 1

If you are sending the query as a query parameter, you need to escape any characters that have a special meaning, like & and ?. & is used to delimit individual parameters, so without escaping it, the query parameter ends up being interpreted as {helloz(text:"test -- which is not valid GraphQL syntax. You should instead send:

127.0.0.1:8001?query={helloz(text:"test%26test")}