diff options
| author | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2024-08-12 15:17:57 +0200 |
|---|---|---|
| committer | Natalia <124304+nessita@users.noreply.github.com> | 2024-09-03 09:22:32 -0300 |
| commit | 320dd27412e791e119d088281913d8f649617a13 (patch) | |
| tree | 3eff9109166321340704f65baf0e9c6fc32eeedb /django/utils/html.py | |
| parent | f5ddd54986172c29c32f5d835584ea237d5a3781 (diff) | |
Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
Diffstat (limited to 'django/utils/html.py')
| -rw-r--r-- | django/utils/html.py | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/django/utils/html.py b/django/utils/html.py index 576eabc683..b34af183d0 100644 --- a/django/utils/html.py +++ b/django/utils/html.py @@ -434,14 +434,17 @@ class Urlizer: potential_entity = middle[amp:] escaped = html.unescape(potential_entity) if escaped == potential_entity or escaped.endswith(";"): - rstripped = middle.rstrip(";") - amount_stripped = len(middle) - len(rstripped) - if amp > -1 and amount_stripped > 1: - # Leave a trailing semicolon as might be an entity. - trail = middle[len(rstripped) + 1 :] + trail - middle = rstripped + ";" + rstripped = middle.rstrip(self.trailing_punctuation_chars) + trail_start = len(rstripped) + amount_trailing_semicolons = len(middle) - len(middle.rstrip(";")) + if amp > -1 and amount_trailing_semicolons > 1: + # Leave up to most recent semicolon as might be an entity. + recent_semicolon = middle[trail_start:].index(";") + middle_semicolon_index = recent_semicolon + trail_start + 1 + trail = middle[middle_semicolon_index:] + trail + middle = rstripped + middle[trail_start:middle_semicolon_index] else: - trail = middle[len(rstripped) :] + trail + trail = middle[trail_start:] + trail middle = rstripped trimmed_something = True |