diff options
| author | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2024-08-12 15:17:57 +0200 |
|---|---|---|
| committer | Natalia <124304+nessita@users.noreply.github.com> | 2024-09-03 09:22:32 -0300 |
| commit | 320dd27412e791e119d088281913d8f649617a13 (patch) | |
| tree | 3eff9109166321340704f65baf0e9c6fc32eeedb /tests/template_tests | |
| parent | f5ddd54986172c29c32f5d835584ea237d5a3781 (diff) | |
Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
Diffstat (limited to 'tests/template_tests')
| -rw-r--r-- | tests/template_tests/filter_tests/test_urlize.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/tests/template_tests/filter_tests/test_urlize.py b/tests/template_tests/filter_tests/test_urlize.py index c19103859e..546bd6c7d6 100644 --- a/tests/template_tests/filter_tests/test_urlize.py +++ b/tests/template_tests/filter_tests/test_urlize.py @@ -321,6 +321,11 @@ class FunctionTests(SimpleTestCase): '<a href="http://example.com?x=" rel="nofollow">' "http://example.com?x=&</a>;;", ) + self.assertEqual( + urlize("http://example.com?x=&.;...;", autoescape=False), + '<a href="http://example.com?x=" rel="nofollow">' + "http://example.com?x=&</a>.;...;", + ) def test_brackets(self): """ |