diff options
| author | Aymeric Augustin <aymeric.augustin@m4x.org> | 2016-02-23 10:51:54 +0100 |
|---|---|---|
| committer | Aymeric Augustin <aymeric.augustin@m4x.org> | 2016-02-23 19:35:16 +0100 |
| commit | 7f6fbc906a21e9f8db36e06ace2a9b687aa26130 (patch) | |
| tree | 4a23038ed6f8c1fc5957f87f364c7b32459e6da9 /tests/staticfiles_tests/project/documents/cached/denorm.css | |
| parent | 706b33fef80b8b0901fdd2e954e5e5ea189a528a (diff) | |
Prevented static file corruption when URL fragment contains '..'.
When running collectstatic with a hashing static file storage backend,
URLs referencing other files were normalized with posixpath.normpath.
This could corrupt URLs: for example 'a.css#b/../c' became just 'c'.
Normalization seems to be an artifact of the historical implementation.
It contained a home-grown implementation of posixpath.join which relied
on counting occurrences of .. and /, so multiple / had to be collapsed.
The new implementation introduced in the previous commit doesn't suffer
from this issue. So it seems safe to remove the normalization.
There was a test for this normalization behavior but I don't think it's
a good test. Django shouldn't modify CSS that way. If a developer has
rendundant /s, it's mostly an aesthetic issue and it isn't Django's job
to fix it. Conversely, if the user wants a series of /s, perhaps in the
URL fragment, Django shouldn't destroy it.
Refs #26249.
Diffstat (limited to 'tests/staticfiles_tests/project/documents/cached/denorm.css')
| -rw-r--r-- | tests/staticfiles_tests/project/documents/cached/denorm.css | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/tests/staticfiles_tests/project/documents/cached/denorm.css b/tests/staticfiles_tests/project/documents/cached/denorm.css deleted file mode 100644 index d6567b00dd..0000000000 --- a/tests/staticfiles_tests/project/documents/cached/denorm.css +++ /dev/null @@ -1,4 +0,0 @@ -@import url("..//cached///styles.css"); -body { - background: #d3d6d8 url(img/relative.png ); -} |