diff options
| author | Adam Johnson <me@adamj.eu> | 2024-06-24 15:30:59 +0200 |
|---|---|---|
| committer | Natalia <124304+nessita@users.noreply.github.com> | 2024-07-09 09:42:12 -0300 |
| commit | 44aef996c8d723198e89ca834cb1d746e2e72d77 (patch) | |
| tree | 4ab9dc5395942482de8294257568f388ab3b94bd /tests/utils_tests/test_html.py | |
| parent | 79246129f706d3fcedfb565d75c2e7df09fc496f (diff) | |
[5.1.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thank you to Elias Myllymäki for the report.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
Diffstat (limited to 'tests/utils_tests/test_html.py')
| -rw-r--r-- | tests/utils_tests/test_html.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py index ad31b8cc5b..9fe782ed2f 100644 --- a/tests/utils_tests/test_html.py +++ b/tests/utils_tests/test_html.py @@ -352,6 +352,13 @@ class TestUtilsHtml(SimpleTestCase): "foo@.example.com", "foo@localhost", "foo@localhost.", + # trim_punctuation catastrophic tests + "(" * 100_000 + ":" + ")" * 100_000, + "(" * 100_000 + "&:" + ")" * 100_000, + "([" * 100_000 + ":" + "])" * 100_000, + "[(" * 100_000 + ":" + ")]" * 100_000, + "([[" * 100_000 + ":" + "]])" * 100_000, + "&:" + ";" * 100_000, ) for value in tests: with self.subTest(value=value): |
