From 7b1a67cce52e5c191fbfa1bca501c6f0222db019 Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Tue, 10 Mar 2015 18:40:33 -0400 Subject: Fixed escaping regression in urlize filter. Now that the URL is always unescaped as of refs #22267, we should re-escape it before inserting it into the anchor. --- django/utils/html.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'django/utils') diff --git a/django/utils/html.py b/django/utils/html.py index 63a895b432..779155e88c 100644 --- a/django/utils/html.py +++ b/django/utils/html.py @@ -337,7 +337,7 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False): if autoescape and not safe_input: lead, trail = escape(lead), escape(trail) trimmed = escape(trimmed) - middle = '%s' % (url, nofollow_attr, trimmed) + middle = '%s' % (escape(url), nofollow_attr, trimmed) words[i] = mark_safe('%s%s%s' % (lead, middle, trail)) else: if safe_input: -- cgit v1.3