diff options
| author | Florian Apolloner <florian@apolloner.eu> | 2019-07-15 12:00:06 +0200 |
|---|---|---|
| committer | Carlton Gibson <carlton.gibson@noumenal.es> | 2019-08-01 09:24:54 +0200 |
| commit | 4b78420d250df5e21763633871e486ee76728cc4 (patch) | |
| tree | 6227c024865efca0e2d6f5c1f498dc078fd7ea00 /tests/utils_tests/test_html.py | |
| parent | 7f65974f8219729c047fbbf8cd5cc9d80faefe77 (diff) | |
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
Diffstat (limited to 'tests/utils_tests/test_html.py')
| -rw-r--r-- | tests/utils_tests/test_html.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py index 02825f5e1e..30f5ba68e8 100644 --- a/tests/utils_tests/test_html.py +++ b/tests/utils_tests/test_html.py @@ -90,6 +90,8 @@ class TestUtilsHtml(SimpleTestCase): ('&gotcha&#;<>', '&gotcha&#;<>'), ('<sc<!-- -->ript>test<<!-- -->/script>', 'ript>test'), ('<script>alert()</script>&h', 'alert()h'), + ('><!' + ('&' * 16000) + 'D', '><!' + ('&' * 16000) + 'D'), + ('X<<<<br>br>br>br>X', 'XX'), ) for value, output in items: with self.subTest(value=value, output=output): |