diff options
Diffstat (limited to 'django')
| -rw-r--r-- | django/utils/http.py | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/django/utils/http.py b/django/utils/http.py index 67414d93f6..6aa5cd38d6 100644 --- a/django/utils/http.py +++ b/django/utils/http.py @@ -272,6 +272,7 @@ def is_safe_url(url, host=None): """ if not url: return False + url = url.strip() # Chrome treats \ completely as / url = url.replace('\\', '/') # Chrome considers any URL with more than two slashes to be absolute, but |