From 7f65974f8219729c047fbbf8cd5cc9d80faefe77 Mon Sep 17 00:00:00 2001 From: Florian Apolloner Date: Mon, 15 Jul 2019 11:46:09 +0200 Subject: Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML. Thanks to Guido Vranken for initial report. --- tests/template_tests/filter_tests/test_truncatewords_html.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests/template_tests') diff --git a/tests/template_tests/filter_tests/test_truncatewords_html.py b/tests/template_tests/filter_tests/test_truncatewords_html.py index 5daeef6cf3..6177fc875d 100644 --- a/tests/template_tests/filter_tests/test_truncatewords_html.py +++ b/tests/template_tests/filter_tests/test_truncatewords_html.py @@ -16,13 +16,13 @@ class FunctionTests(SimpleTestCase): def test_truncate2(self): self.assertEqual( truncatewords_html('

one two - three
four
five

', 4), - '

one two - three
four …

', + '

one two - three …

', ) def test_truncate3(self): self.assertEqual( truncatewords_html('

one two - three
four
five

', 5), - '

one two - three
four
five

', + '

one two - three
four …

', ) def test_truncate4(self): -- cgit v1.3