Fixed CVE-2025-27556 -- Mitigated potential DoS in url_has_allowed_host_and_scheme() on Windows.

Thank you sw0rd1ight for the report.
author: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> 2025-03-06 15:24:56 +0100
committer: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> 2025-04-02 10:21:33 +0200
commit: 39e2297210d9d2938c75fc911d45f0e863dc4821 (patch)
tree: 0fec68f7a688c827ecde281ea9fd44610c1dd331 /django/utils/html.py
parent: 00c68f03b5dc6c14618026347ee0da4d466c88e3 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/django/utils/html.py b/django/utils/html.py
index a9d029165f..8676ae3092 100644
--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -13,7 +13,7 @@ from django.core.exceptions import SuspiciousOperation, ValidationError
 from django.core.validators import EmailValidator
 from django.utils.deprecation import RemovedInDjango70Warning
 from django.utils.functional import Promise, cached_property, keep_lazy, keep_lazy_text
-from django.utils.http import RFC3986_GENDELIMS, RFC3986_SUBDELIMS
+from django.utils.http import MAX_URL_LENGTH, RFC3986_GENDELIMS, RFC3986_SUBDELIMS
 from django.utils.regex_helper import _lazy_re_compile
 from django.utils.safestring import SafeData, SafeString, mark_safe
 from django.utils.text import normalize_newlines
@@ -41,7 +41,6 @@ VOID_ELEMENTS = frozenset(
     )
 )
 
-MAX_URL_LENGTH = 2048
 MAX_STRIP_TAGS_DEPTH = 50
author	Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>	2025-03-06 15:24:56 +0100
committer	Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>	2025-04-02 10:21:33 +0200
commit	39e2297210d9d2938c75fc911d45f0e863dc4821 (patch)
tree	0fec68f7a688c827ecde281ea9fd44610c1dd331 /django/utils/html.py
parent	00c68f03b5dc6c14618026347ee0da4d466c88e3 (diff)