| Age | Commit message | Author | |
|---|---|---|---|
| 2026-03-03 | Fixed #36923 -- Added tests for non-hierarchical URI schemes in URLField.to_python(). Follow up to 951ffb3832cd83ba672c1e3deae2bda128eb9cca. | Natalia | |
| 2026-03-03 | Fixed CVE-2026-25673 -- Simplified URLField scheme detection. This simplification mitigates a potential DoS in URLField on Windows. The usage of `urlsplit()` in `URLField.to_python()` was replaced with `str.partition(":")` for URL scheme detection. On Windows, `urlsplit()` performs Unicode normalization which is slow for certain characters, making `URLField` vulnerable to DoS via specially crafted POST payloads. Thanks Seokchan Yoon for the report, and Jake Howard and Shai Berger for the review. Refs #36923. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com> | Natalia | |
| 2025-01-15 | Refs #34380 -- Changed the URLField default scheme to https and removed FORMS_URLFIELD_ASSUME_HTTPS per deprecation timeline. | Sarah Boyce | |
| 2024-08-28 | Fixed #35666 -- Documented stacklevel usage and testing, and adjusted test suite accordingly. Over the years we've had multiple instances of hit and misses when emitting warnings: either setting the wrong stacklevel or not setting it at all. This work adds assertions for the existing warnings that were declaring the correct stacklevel, but were lacking tests for it. | Simon Charette | |
| 2023-11-28 | Refs #34380 -- Added FORMS_URLFIELD_ASSUME_HTTPS transitional setting. This allows early adoption of the new default "https". | Mariusz Felisiak | |
| 2023-11-28 | Refs #34986 -- Fixed some test assertions for PyPy. These failures were due to minor inconsistencies or implementation differences between CPython and PyPy. | Nick Pope | |
| 2023-04-28 | Fixed #34380 -- Allowed specifying a default URL scheme in forms.URLField. This also deprecates "http" as the default scheme. | Coen van der Kamp | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2021-12-20 | Fixed #33367 -- Fixed URLValidator crash in some edge cases. | mendespedro | |
| 2021-12-16 | Used subTest() in forms.URLField() tests. | Mariusz Felisiak | |
| 2020-09-25 | Refs #28009 -- Added empty_value tests for CharField subclasses. | David Smith | |
| 2020-04-28 | Changed django.forms.ValidationError imports to django.core.exceptions.ValidationError. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | François Freitag | |
| 2018-01-21 | Fixed #29038 -- Removed closing slash from HTML void tags. | Jon Dufresne | |
| 2017-05-24 | Refs #27804 -- Used subTest() in several tests. | Bruno Alla | |
| 2017-01-18 | Refs #23919 -- Removed encoding preambles and future imports | Claude Paroz | |
| 2016-07-14 | Fixed #26821 -- Fixed forms.Email/URLField crash on None value. | Priy | |
| 2016-04-21 | Fixed #22383 -- Added support for HTML5 required attribute on required form fields. | Jon Dufresne | |
| 2016-04-19 | Fixed #26516 -- Added minlength attribute when forms.CharField.min_length is set. | Jon Dufresne | |
| 2016-04-11 | Split form's test_fields.py into different files. | Berker Peksag | |
