From 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b Mon Sep 17 00:00:00 2001 From: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> Date: Tue, 25 Feb 2025 09:40:54 +0100 Subject: Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template filter. Thanks sw0rd1ight for the report. --- tests/template_tests/filter_tests/test_wordwrap.py | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'tests') diff --git a/tests/template_tests/filter_tests/test_wordwrap.py b/tests/template_tests/filter_tests/test_wordwrap.py index 88fbd274da..4afa1dd234 100644 --- a/tests/template_tests/filter_tests/test_wordwrap.py +++ b/tests/template_tests/filter_tests/test_wordwrap.py @@ -78,3 +78,14 @@ class FunctionTests(SimpleTestCase): "this is a long\nparagraph of\ntext that\nreally needs\nto be wrapped\n" "I'm afraid", ) + + def test_wrap_long_text(self): + long_text = ( + "this is a long paragraph of text that really needs" + " to be wrapped I'm afraid " * 20_000 + ) + self.assertIn( + "this is a\nlong\nparagraph\nof text\nthat\nreally\nneeds to\nbe wrapped\n" + "I'm afraid", + wordwrap(long_text, 10), + ) -- cgit v1.3