[1.8.x] Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.

Thanks Florian Apolloner for assisting with the patch.
author: Tim Graham <timograham@gmail.com> 2018-02-24 11:30:11 -0500
committer: Tim Graham <timograham@gmail.com> 2018-03-01 11:58:41 -0500
commit: 1ca63a66ef3163149ad822701273e8a1844192c2 (patch)
tree: 0b4355804c172226b2671017fcafe2fb148cc2b8 /tests/utils_tests/test_html.py
parent: 10f11f2221a0a23114f43bdb6228a630f11f9722 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index bc9874c696..b108268c17 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -248,3 +248,11 @@ class TestUtilsHtml(SimpleTestCase):
             @html.html_safe
             class HtmlClass(object):
                 pass
+
+    def test_urlize_unchanged_inputs(self):
+        tests = (
+            ('a' + '@a' * 50000) + 'a',  # simple_email_re catastrophic test
+            ('a' + '.' * 1000000) + 'a',  # trailing_punctuation catastrophic test
+        )
+        for value in tests:
+            self.assertEqual(html.urlize(value), value)
author	Tim Graham <timograham@gmail.com>	2018-02-24 11:30:11 -0500
committer	Tim Graham <timograham@gmail.com>	2018-03-01 11:58:41 -0500
commit	1ca63a66ef3163149ad822701273e8a1844192c2 (patch)
tree	0b4355804c172226b2671017fcafe2fb148cc2b8 /tests/utils_tests/test_html.py
parent	10f11f2221a0a23114f43bdb6228a630f11f9722 (diff)