authorAdam Johnson <me@adamj.eu>2024-06-24 15:30:59 +0200
committerNatalia <124304+nessita@users.noreply.github.com>2024-07-09 10:40:37 -0300
commit79f368764295df109a37192f6182fb6f361d85b5 (patch)
treea669a2a800e585bac52c3f18d2c659e37c8ac76b /tests/utils_tests/test_html.py
parent446cdab13485e99939f06b74c563d5bb992330b2 (diff)
[4.2.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thank you to Elias Myllymäki for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
Diffstat (limited to 'tests/utils_tests/test_html.py')
-rw-r--r--tests/utils_tests/test_html.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index b7a7396075..6dab41634a 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -342,6 +342,13 @@ class TestUtilsHtml(SimpleTestCase):
"foo@.example.com",
"foo@localhost",
"foo@localhost.",
+ # trim_punctuation catastrophic tests
+ "(" * 100_000 + ":" + ")" * 100_000,
+ "(" * 100_000 + "&:" + ")" * 100_000,
+ "([" * 100_000 + ":" + "])" * 100_000,
+ "[(" * 100_000 + ":" + ")]" * 100_000,
+ "([[" * 100_000 + ":" + "]])" * 100_000,
+ "&:" + ";" * 100_000,
)
for value in tests:
with self.subTest(value=value):
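Review bot: The six inputs added to `tests` would not obviously fail if the slow path in `trim_punctuation` came back, because nothing visible in this hunk bounds how long each case may take; a regression would more likely appear as a very slow or hung test run than as a failed assertion. The loop body that does the checking continues past the end of the hunk, so this is inferred from the visible lines only. The comment should say so for the next maintainer, for example `# Inputs for the CVE-2024-38875 fix in trim_punctuation; a regression here shows up as a very slow test, not a failed assertion.` in place of `# trim_punctuation catastrophic tests`. Also note that `self.subTest(value=value)` is handed strings of 100,000 characters and up, so any failure report for these cases will be dominated by the parameter dump; a short label per case would keep the output readable.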