summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorJacob Walls <jacobtylerwalls@gmail.com>2025-10-16 16:28:33 -0400
committerNatalia <124304+nessita@users.noreply.github.com>2025-11-05 09:20:57 -0300
commitc880530ddd4fabd5939bab0e148bebe36699432a (patch)
tree15a92a5ad4be48265bb67dc3604e54293fe852b5 /tests
parent74564946c3b42a2ef7d087047e49873847a7e1d9 (diff)
Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedirect/HttpResponsePermanentRedirect on Windows.
Thanks Seokchan Yoon for the report, Markus Holtermann for the triage, and Jake Howard for the review. Follow-up to CVE-2025-27556 and 39e2297210d9d2938c75fc911d45f0e863dc4821.
Diffstat (limited to 'tests')
-rw-r--r--tests/httpwrappers/tests.py2
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/httpwrappers/tests.py b/tests/httpwrappers/tests.py
index f1caec6b71..804bec50b0 100644
--- a/tests/httpwrappers/tests.py
+++ b/tests/httpwrappers/tests.py
@@ -24,6 +24,7 @@ from django.http import (
)
from django.test import SimpleTestCase
from django.utils.functional import lazystr
+from django.utils.http import MAX_URL_LENGTH
class QueryDictTests(SimpleTestCase):
@@ -490,6 +491,7 @@ class HttpResponseTests(SimpleTestCase):
'data:text/html,<script>window.alert("xss")</script>',
"mailto:test@example.com",
"file:///etc/passwd",
+ "é" * (MAX_URL_LENGTH + 1),
]
for url in bad_urls:
with self.assertRaises(DisallowedRedirect):