| author | Adam Johnson <me@adamj.eu> | 2024-06-24 15:30:59 +0200 |
|---|---|---|
| committer | Natalia <124304+nessita@users.noreply.github.com> | 2024-07-09 10:03:07 -0300 |
| commit | 7285644640f085f41d60ab0c8ae4e9153f0485db (patch) | |
| tree | 708c59c7b786b5a5130c6e22176f89240818a14b /tests/utils_tests/test_html.py | |
| parent | 830340037b1bc499612752b835c1629d3aa01036 (diff) | |
[5.0.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thank you to Elias Myllymäki for the report.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
Diffstat (limited to 'tests/utils_tests/test_html.py')
| -rw-r--r-- | tests/utils_tests/test_html.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index ad31b8cc5b..9fe782ed2f 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -352,6 +352,13 @@ class TestUtilsHtml(SimpleTestCase):
 "foo@.example.com",
 "foo@localhost",
 "foo@localhost.",
+ # trim_punctuation catastrophic tests
+ "(" * 100_000 + ":" + ")" * 100_000,
+ "(" * 100_000 + "&:" + ")" * 100_000,
+ "([" * 100_000 + ":" + "])" * 100_000,
+ "[(" * 100_000 + ":" + ")]" * 100_000,
+ "([[" * 100_000 + ":" + "]])" * 100_000,
+ "&:" + ";" * 100_000,
 )
 for value in tests:
 with self.subTest(value=value): |
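Review bot: The six inputs added under `# trim_punctuation catastrophic tests` protect against CVE-2024-38875 only by making the suite slow if the expensive trimming path comes back; nothing visible in the hunk turns a timing regression into a test failure. The loop body that consumes `tests` continues outside the hunk, so I am assuming it only compares output and does not bound run time. At minimum the comment should say what is being guarded, e.g. `# CVE-2024-38875: urlize must stay fast on long runs of nested or unbalanced wrapping punctuation`, so these cases are not later pruned as redundant. The repeated `100_000` would also read better as one named constant, which documents in a single place the input size that exposes the slowdown.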
