Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.

Thank you to Elias Myllymäki for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
author: Adam Johnson <me@adamj.eu> 2024-06-24 15:30:59 +0200
committer: Natalia <124304+nessita@users.noreply.github.com> 2024-07-09 09:21:19 -0300
commit: d6664574539c1531612dea833d264ed5c2b04e1e (patch)
tree: 2a65e02a92e7b2022fe32090b4d1620b50f5e322 /tests/utils_tests
parent: af84bcc8d1b129bd2dc35fae6bb42a175143661f (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index ad31b8cc5b..9fe782ed2f 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -352,6 +352,13 @@ class TestUtilsHtml(SimpleTestCase):
             "foo@.example.com",
             "foo@localhost",
             "foo@localhost.",
+            # trim_punctuation catastrophic tests
+            "(" * 100_000 + ":" + ")" * 100_000,
+            "(" * 100_000 + "&:" + ")" * 100_000,
+            "([" * 100_000 + ":" + "])" * 100_000,
+            "[(" * 100_000 + ":" + ")]" * 100_000,
+            "([[" * 100_000 + ":" + "]])" * 100_000,
+            "&:" + ";" * 100_000,
         )
         for value in tests:
             with self.subTest(value=value):
author	Adam Johnson <me@adamj.eu>	2024-06-24 15:30:59 +0200
committer	Natalia <124304+nessita@users.noreply.github.com>	2024-07-09 09:21:19 -0300
commit	d6664574539c1531612dea833d264ed5c2b04e1e (patch)
tree	2a65e02a92e7b2022fe32090b4d1620b50f5e322 /tests/utils_tests
parent	af84bcc8d1b129bd2dc35fae6bb42a175143661f (diff)