[6.0.x] Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedirect/HttpResponsePermanentRedirect on Windows.

Thanks Seokchan Yoon for the report, Markus Holtermann for the triage, and Jake Howard for the review. Follow-up to CVE-2025-27556 and 39e2297210d9d2938c75fc911d45f0e863dc4821. Backport of c880530ddd4fabd5939bab0e148bebe36699432a from main.
author: Jacob Walls <jacobtylerwalls@gmail.com> 2025-10-16 16:28:33 -0400
committer: Natalia <124304+nessita@users.noreply.github.com> 2025-11-05 09:28:56 -0300
commit: 6e13348436fccf8f22982921d6a3a3e65c956a9f (patch)
tree: 5e69b65beeda387fe8cc0ce0929a0508797e5430 /tests
parent: 12042b8978a686d815636b11b9ea602b7031ae0a (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/httpwrappers/tests.py b/tests/httpwrappers/tests.py
index f1caec6b71..804bec50b0 100644
--- a/tests/httpwrappers/tests.py
+++ b/tests/httpwrappers/tests.py
@@ -24,6 +24,7 @@ from django.http import (
 )
 from django.test import SimpleTestCase
 from django.utils.functional import lazystr
+from django.utils.http import MAX_URL_LENGTH
 
 
 class QueryDictTests(SimpleTestCase):
@@ -490,6 +491,7 @@ class HttpResponseTests(SimpleTestCase):
             'data:text/html,<script>window.alert("xss")</script>',
             "mailto:test@example.com",
             "file:///etc/passwd",
+            "é" * (MAX_URL_LENGTH + 1),
         ]
         for url in bad_urls:
             with self.assertRaises(DisallowedRedirect):
author	Jacob Walls <jacobtylerwalls@gmail.com>	2025-10-16 16:28:33 -0400
committer	Natalia <124304+nessita@users.noreply.github.com>	2025-11-05 09:28:56 -0300
commit	6e13348436fccf8f22982921d6a3a3e65c956a9f (patch)
tree	5e69b65beeda387fe8cc0ce0929a0508797e5430 /tests
parent	12042b8978a686d815636b11b9ea602b7031ae0a (diff)