authorSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2025-03-06 15:24:56 +0100
committerSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2025-04-02 10:42:15 +0200
commit8c6871b097b6c49d2a782c0d80d908bcbe2116f1 (patch)
tree521c270381ec399e0da4c1c7eaf31d0484bfe1f6 /django/utils/html.py
parent2be56bc534a1ef7c9bae63182e6053513daa0d25 (diff)
[5.0.x] Fixed CVE-2025-27556 -- Mitigated potential DoS in url_has_allowed_host_and_scheme() on Windows.
Thank you sw0rd1ight for the report. Backport of 39e2297210d9d2938c75fc911d45f0e863dc4821 from main.
Diffstat (limited to 'django/utils/html.py')
-rw-r--r--django/utils/html.py3
1 files changed, 1 insertions, 2 deletions
diff --git a/django/utils/html.py b/django/utils/html.py
index d04e594d13..df0b3984df 100644
--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -11,7 +11,7 @@ from django.core.exceptions import SuspiciousOperation
from django.utils.deprecation import RemovedInDjango60Warning
from django.utils.encoding import punycode
from django.utils.functional import Promise, cached_property, keep_lazy, keep_lazy_text
-from django.utils.http import RFC3986_GENDELIMS, RFC3986_SUBDELIMS
+from django.utils.http import MAX_URL_LENGTH, RFC3986_GENDELIMS, RFC3986_SUBDELIMS
from django.utils.regex_helper import _lazy_re_compile
from django.utils.safestring import SafeData, SafeString, mark_safe
from django.utils.text import normalize_newlines
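Review bot: With `MAX_URL_LENGTH` now imported from `django.utils.http` on the `+` line, this module no longer shows the limit's value or that it is shared with another module. Going by the commit title, the same constant presumably also bounds input to `url_has_allowed_host_and_scheme()`, but the diffstat is limited to `html.py`, so the definition and that check are not visible here. Consider a comment above the import such as `# MAX_URL_LENGTH is defined in django.utils.http and shared with its URL validation; changing it affects both modules.` so that nobody later tunes the limit for HTML handling and unknowingly loosens the DoS bound. Existing code that does `from django.utils.html import MAX_URL_LENGTH` should keep working because the name is still bound in this module, though a test pinning that would make the compatibility explicit.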
@@ -37,7 +37,6 @@ VOID_ELEMENTS = {
"spacer",
}
-MAX_URL_LENGTH = 2048
MAX_STRIP_TAGS_DEPTH = 50