diff options
| author | Claude Paroz <claude@2xlibre.net> | 2015-03-06 21:56:11 +0100 |
|---|---|---|
| committer | Claude Paroz <claude@2xlibre.net> | 2015-03-06 22:20:14 +0100 |
| commit | ec808e807ad711b993f199f6b4165ac6d0e1125b (patch) | |
| tree | 8a76a9169f1a3da7d0915332b2a3c6f34422eb0f /django | |
| parent | ceaf31adfff3801f1092a215f73704e15a70e90c (diff) | |
Fixed urlize regression with entities in query strings
Refs #22267.
Thanks Shai Berger for spotting the issue and Tim Graham for the
initial patch.
Diffstat (limited to 'django')
| -rw-r--r-- | django/utils/html.py | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/django/utils/html.py b/django/utils/html.py index 569ac74e96..63a895b432 100644 --- a/django/utils/html.py +++ b/django/utils/html.py @@ -282,17 +282,17 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False): smart_urlquote. For example: http://example.com?x=1&y=<2> => http://example.com?x=1&y=<2> """ - if not safe_input: - return text, text, trail unescaped = (text + trail).replace( '&', '&').replace('<', '<').replace( '>', '>').replace('"', '"').replace(''', "'") - # ';' in trail can be either trailing punctuation or end-of-entity marker - if unescaped.endswith(';'): - return text, unescaped[:-1], trail - else: + if trail and unescaped.endswith(trail): + # Remove trail for unescaped if it was not consumed by unescape + unescaped = unescaped[:-len(trail)] + elif trail == ';': + # Trail was consumed by unescape (as end-of-entity marker), move it to text text += trail - return text, unescaped, '' + trail = '' + return text, unescaped, trail words = word_split_re.split(force_text(text)) for i, word in enumerate(words): |
