diff options
| author | Ahmed Nassar <a.moh.nassar00@gmail.com> | 2025-03-08 16:35:10 +0200 |
|---|---|---|
| committer | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2025-03-19 14:28:42 +0100 |
| commit | ec7044c706f48f5ab3d9e4c35e4078b9f9dcaaf2 (patch) | |
| tree | 728764e3cac25453c9936eaae272cc3cc019a017 /django/utils/html.py | |
| parent | ed1e7c02c9db2cc28b3ab5621ce6315fcee54b27 (diff) | |
Fixed #36000 -- Deprecated HTTP as the default protocol in urlize and urlizetrunc.
Diffstat (limited to 'django/utils/html.py')
| -rw-r--r-- | django/utils/html.py | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/django/utils/html.py b/django/utils/html.py index 182b7d4cec..a9d029165f 100644 --- a/django/utils/html.py +++ b/django/utils/html.py @@ -3,12 +3,15 @@ import html import json import re +import warnings from collections.abc import Mapping from html.parser import HTMLParser from urllib.parse import parse_qsl, quote, unquote, urlencode, urlsplit, urlunsplit +from django.conf import settings from django.core.exceptions import SuspiciousOperation, ValidationError from django.core.validators import EmailValidator +from django.utils.deprecation import RemovedInDjango70Warning from django.utils.functional import Promise, cached_property, keep_lazy, keep_lazy_text from django.utils.http import RFC3986_GENDELIMS, RFC3986_SUBDELIMS from django.utils.regex_helper import _lazy_re_compile @@ -343,7 +346,24 @@ class Urlizer: if len(middle) <= MAX_URL_LENGTH and self.simple_url_re.match(middle): url = smart_urlquote(html.unescape(middle)) elif len(middle) <= MAX_URL_LENGTH and self.simple_url_2_re.match(middle): - url = smart_urlquote("http://%s" % html.unescape(middle)) + unescaped_middle = html.unescape(middle) + # RemovedInDjango70Warning: When the deprecation ends, replace with: + # url = smart_urlquote(f"https://{unescaped_middle}") + protocol = ( + "https" + if getattr(settings, "URLIZE_ASSUME_HTTPS", False) + else "http" + ) + if not settings.URLIZE_ASSUME_HTTPS: + warnings.warn( + "The default protocol will be changed from HTTP to " + "HTTPS in Django 7.0. Set the URLIZE_ASSUME_HTTPS " + "transitional setting to True to opt into using HTTPS as the " + "new default protocol.", + RemovedInDjango70Warning, + stacklevel=2, + ) + url = smart_urlquote(f"{protocol}://{unescaped_middle}") elif ":" not in middle and self.is_email_simple(middle): local, domain = middle.rsplit("@", 1) # Encode per RFC 6068 Section 2 (items 1, 4, 5). Defer any IDNA |