[1.11.x] Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.

Thanks Florian Apolloner for assisting with the patch.
author: Tim Graham <timograham@gmail.com> 2018-02-24 11:30:11 -0500
committer: Tim Graham <timograham@gmail.com> 2018-02-27 13:54:19 -0500
commit: abf89d729f210c692a50e0ad3f75fb6bec6fae16 (patch)
tree: aae01caa4978c9bb3eef2d2289797fa4068a11a7 /tests
parent: 7d7ab26bc07ea0fd96b0dcdad53c234b2b484210 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index 7982f4fe42..1bebe94521 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -232,3 +232,11 @@ class TestUtilsHtml(SimpleTestCase):
             @html.html_safe
             class HtmlClass(object):
                 pass
+
+    def test_urlize_unchanged_inputs(self):
+        tests = (
+            ('a' + '@a' * 50000) + 'a',  # simple_email_re catastrophic test
+            ('a' + '.' * 1000000) + 'a',  # trailing_punctuation catastrophic test
+        )
+        for value in tests:
+            self.assertEqual(html.urlize(value), value)
author	Tim Graham <timograham@gmail.com>	2018-02-24 11:30:11 -0500
committer	Tim Graham <timograham@gmail.com>	2018-02-27 13:54:19 -0500
commit	abf89d729f210c692a50e0ad3f75fb6bec6fae16 (patch)
tree	aae01caa4978c9bb3eef2d2289797fa4068a11a7 /tests
parent	7d7ab26bc07ea0fd96b0dcdad53c234b2b484210 (diff)