Diffstat (limited to 'django/utils/html.py')
-rw-r--r--django/utils/html.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/django/utils/html.py b/django/utils/html.py
index 63a895b432..779155e88c 100644
--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -337,7 +337,7 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
if autoescape and not safe_input:
lead, trail = escape(lead), escape(trail)
trimmed = escape(trimmed)
- middle = '<a href="%s"%s>%s</a>' % (url, nofollow_attr, trimmed)
+ middle = '<a href="%s"%s>%s</a>' % (escape(url), nofollow_attr, trimmed)
words[i] = mark_safe('%s%s%s' % (lead, middle, trail))
else:
if safe_input:
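Review bot: On the added line the href value is escaped unconditionally, while `lead`, `trail` and `trimmed` are escaped only under `autoescape and not safe_input`; if `url` is derived from input that is already HTML-escaped (the `safe_input` case), an `&amp;` in it would presumably become `&amp;amp;` inside the attribute and change the link target. How `url` is built is outside this hunk, so this needs confirming there; if it holds, the fix is to unescape the URL before it is quoted, not to drop the escape here. Because the result goes straight into `mark_safe`, a short comment would help the next reader, e.g. `# url lands in a double-quoted attribute of a mark_safe'd string, so escape it regardless of autoescape`. A regression test using a URL that contains `"` and `&`, run with both autoescape settings and with safe input, would pin the intended behaviour. The body of `urlize` starts and ends outside the hunk.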