[5.2.x] Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedirect/HttpResponsePermanentRedirect on Windows.

Thanks Seokchan Yoon for the report, Markus Holtermann for the triage, and Jake Howard for the review. Follow-up to CVE-2025-27556 and 39e2297210d9d2938c75fc911d45f0e863dc4821. Backport of c880530ddd4fabd5939bab0e148bebe36699432a from main.
author: Jacob Walls <jacobtylerwalls@gmail.com> 2025-10-16 16:28:33 -0400
committer: Natalia <124304+nessita@users.noreply.github.com> 2025-11-05 09:32:59 -0300
commit: 4f5d904b63751dea9ffc3b0e046404a7fa5881ac (patch)
tree: 181957879d992b28083160f3bd454bdd03222219 /tests/httpwrappers/tests.py
parent: cbdf128cb316bccf9ca3b3b4966e57bd050bfc8a (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/httpwrappers/tests.py b/tests/httpwrappers/tests.py
index f85d33e823..f62a9d9bba 100644
--- a/tests/httpwrappers/tests.py
+++ b/tests/httpwrappers/tests.py
@@ -24,6 +24,7 @@ from django.http import (
 )
 from django.test import SimpleTestCase
 from django.utils.functional import lazystr
+from django.utils.http import MAX_URL_LENGTH
 
 
 class QueryDictTests(SimpleTestCase):
@@ -490,6 +491,7 @@ class HttpResponseTests(SimpleTestCase):
             'data:text/html,<script>window.alert("xss")</script>',
             "mailto:test@example.com",
             "file:///etc/passwd",
+            "é" * (MAX_URL_LENGTH + 1),
         ]
         for url in bad_urls:
             with self.assertRaises(DisallowedRedirect):
author	Jacob Walls <jacobtylerwalls@gmail.com>	2025-10-16 16:28:33 -0400
committer	Natalia <124304+nessita@users.noreply.github.com>	2025-11-05 09:32:59 -0300
commit	4f5d904b63751dea9ffc3b0e046404a7fa5881ac (patch)
tree	181957879d992b28083160f3bd454bdd03222219 /tests/httpwrappers/tests.py
parent	cbdf128cb316bccf9ca3b3b4966e57bd050bfc8a (diff)