summaryrefslogtreecommitdiff
path: root/django
diff options
context:
space:
mode:
authorSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2024-08-12 15:17:57 +0200
committerNatalia <124304+nessita@users.noreply.github.com>2024-09-03 09:24:13 -0300
commit022ab0a75c76ab2ea31dfcc5f2cf5501e378d397 (patch)
treefb463682e3ab90de998b49e4b6fdc22b53438e0a /django
parent62039659603ca0fa2df796d1732c4b414549c52b (diff)
[5.1.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
Diffstat (limited to 'django')
-rw-r--r--django/utils/html.py17
1 files changed, 10 insertions, 7 deletions
diff --git a/django/utils/html.py b/django/utils/html.py
index e5ad5646fa..d9513fc758 100644
--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -428,14 +428,17 @@ class Urlizer:
potential_entity = middle[amp:]
escaped = html.unescape(potential_entity)
if escaped == potential_entity or escaped.endswith(";"):
- rstripped = middle.rstrip(";")
- amount_stripped = len(middle) - len(rstripped)
- if amp > -1 and amount_stripped > 1:
- # Leave a trailing semicolon as might be an entity.
- trail = middle[len(rstripped) + 1 :] + trail
- middle = rstripped + ";"
+ rstripped = middle.rstrip(self.trailing_punctuation_chars)
+ trail_start = len(rstripped)
+ amount_trailing_semicolons = len(middle) - len(middle.rstrip(";"))
+ if amp > -1 and amount_trailing_semicolons > 1:
+ # Leave up to most recent semicolon as might be an entity.
+ recent_semicolon = middle[trail_start:].index(";")
+ middle_semicolon_index = recent_semicolon + trail_start + 1
+ trail = middle[middle_semicolon_index:] + trail
+ middle = rstripped + middle[trail_start:middle_semicolon_index]
else:
- trail = middle[len(rstripped) :] + trail
+ trail = middle[trail_start:] + trail
middle = rstripped
trimmed_something = True