[2.1.X] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.

Thanks to Guido Vranken for initial report.
author: Florian Apolloner <florian@apolloner.eu> 2019-07-15 12:00:06 +0200
committer: Carlton Gibson <carlton.gibson@noumenal.es> 2019-07-29 11:12:53 +0200
commit: 5ff8e791148bd451180124d76a55cb2b2b9556eb (patch)
tree: eb9f93019462f82a18ea6f89263f275d53563623 /tests/utils_tests
parent: c23723a1551340cc7d3126f04fcfd178fa224193 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index 94b8f946cc..8feb4d8e82 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -88,6 +88,8 @@ class TestUtilsHtml(SimpleTestCase):
             ('&gotcha&#;<>', '&gotcha&#;<>'),
             ('<sc<!-- -->ript>test<<!-- -->/script>', 'ript>test'),
             ('<script>alert()</script>&h', 'alert()h'),
+            ('><!' + ('&' * 16000) + 'D', '><!' + ('&' * 16000) + 'D'),
+            ('X<<<<br>br>br>br>X', 'XX'),
         )
         for value, output in items:
             with self.subTest(value=value, output=output):
author	Florian Apolloner <florian@apolloner.eu>	2019-07-15 12:00:06 +0200
committer	Carlton Gibson <carlton.gibson@noumenal.es>	2019-07-29 11:12:53 +0200
commit	5ff8e791148bd451180124d76a55cb2b2b9556eb (patch)
tree	eb9f93019462f82a18ea6f89263f275d53563623 /tests/utils_tests
parent	c23723a1551340cc7d3126f04fcfd178fa224193 (diff)