diff options
Diffstat (limited to 'django/core/validators.py')
| -rw-r--r-- | django/core/validators.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/django/core/validators.py b/django/core/validators.py index a37f3416e9..900a2b558e 100644 --- a/django/core/validators.py +++ b/django/core/validators.py @@ -90,6 +90,7 @@ class URLValidator(RegexValidator): r'\Z', re.IGNORECASE) message = _('Enter a valid URL.') schemes = ['http', 'https', 'ftp', 'ftps'] + unsafe_chars = frozenset('\t\r\n') def __init__(self, schemes=None, **kwargs): super().__init__(**kwargs) @@ -99,6 +100,8 @@ class URLValidator(RegexValidator): def __call__(self, value): if not isinstance(value, str): raise ValidationError(self.message, code=self.code) + if self.unsafe_chars.intersection(value): + raise ValidationError(self.message, code=self.code) # Check if the scheme is valid. scheme = value.split('://')[0].lower() if scheme not in self.schemes: |