summaryrefslogtreecommitdiff
path: root/tests/template_tests
diff options
context:
space:
mode:
authorSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2024-08-12 15:17:57 +0200
committerNatalia <124304+nessita@users.noreply.github.com>2024-09-03 09:24:13 -0300
commit022ab0a75c76ab2ea31dfcc5f2cf5501e378d397 (patch)
treefb463682e3ab90de998b49e4b6fdc22b53438e0a /tests/template_tests
parent62039659603ca0fa2df796d1732c4b414549c52b (diff)
[5.1.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
Diffstat (limited to 'tests/template_tests')
-rw-r--r--tests/template_tests/filter_tests/test_urlize.py5
1 files changed, 5 insertions, 0 deletions
diff --git a/tests/template_tests/filter_tests/test_urlize.py b/tests/template_tests/filter_tests/test_urlize.py
index c19103859e..546bd6c7d6 100644
--- a/tests/template_tests/filter_tests/test_urlize.py
+++ b/tests/template_tests/filter_tests/test_urlize.py
@@ -321,6 +321,11 @@ class FunctionTests(SimpleTestCase):
'<a href="http://example.com?x=" rel="nofollow">'
"http://example.com?x=&amp;</a>;;",
)
+ self.assertEqual(
+ urlize("http://example.com?x=&amp.;...;", autoescape=False),
+ '<a href="http://example.com?x=" rel="nofollow">'
+ "http://example.com?x=&amp</a>.;...;",
+ )
def test_brackets(self):
"""