Diffstat (limited to 'tests/admin_widgets/tests.py')
-rw-r--r--tests/admin_widgets/tests.py23
1 files changed, 15 insertions, 8 deletions
diff --git a/tests/admin_widgets/tests.py b/tests/admin_widgets/tests.py
index a7335f8f69..18475658c9 100644
--- a/tests/admin_widgets/tests.py
+++ b/tests/admin_widgets/tests.py
@@ -333,6 +333,13 @@ class AdminSplitDateTimeWidgetTest(SimpleTestCase):
class AdminURLWidgetTest(SimpleTestCase):
+ def test_get_context_validates_url(self):
+ w = widgets.AdminURLFieldWidget()
+ for invalid in ['', '/not/a/full/url/', 'javascript:alert("Danger XSS!")']:
+ with self.subTest(url=invalid):
+ self.assertFalse(w.get_context('name', invalid, {})['url_valid'])
+ self.assertTrue(w.get_context('name', 'http://example.com', {})['url_valid'])
+
def test_render(self):
w = widgets.AdminURLFieldWidget()
self.assertHTMLEqual(
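Review bot: test_get_context_validates_url asserts only the `url_valid` context flag, so nothing in this hunk checks that the rendered widget actually leaves out the clickable link for the `javascript:` value. If the template is what consumes the flag, a render-level assertion would pin the behaviour that matters, for example `self.assertNotIn('href', w.render('test', 'javascript:alert("Danger XSS!")'))` (the exact expected markup depends on the template, which is not visible here). The positive `http://example.com` case also sits outside the `subTest` loop and is the only accepted scheme exercised, so a short docstring such as `"""url_valid is False for empty, relative and non-http(s) values."""` would make the intended contract explicit. The AdminURLWidgetTest class continues outside this hunk.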
@@ -366,31 +373,31 @@ class AdminURLWidgetTest(SimpleTestCase):
VALUE_RE = re.compile('value="([^"]+)"')
TEXT_RE = re.compile('<a[^>]+>([^>]+)</a>')
w = widgets.AdminURLFieldWidget()
- output = w.render('test', 'http://example.com/<sometag>some text</sometag>')
+ output = w.render('test', 'http://example.com/<sometag>some-text</sometag>')
self.assertEqual(
HREF_RE.search(output).groups()[0],
- 'http://example.com/%3Csometag%3Esome%20text%3C/sometag%3E',
+ 'http://example.com/%3Csometag%3Esome-text%3C/sometag%3E',
)
self.assertEqual(
TEXT_RE.search(output).groups()[0],
- 'http://example.com/&lt;sometag&gt;some text&lt;/sometag&gt;',
+ 'http://example.com/&lt;sometag&gt;some-text&lt;/sometag&gt;',
)
self.assertEqual(
VALUE_RE.search(output).groups()[0],
- 'http://example.com/&lt;sometag&gt;some text&lt;/sometag&gt;',
+ 'http://example.com/&lt;sometag&gt;some-text&lt;/sometag&gt;',
)
- output = w.render('test', 'http://example-äüö.com/<sometag>some text</sometag>')
+ output = w.render('test', 'http://example-äüö.com/<sometag>some-text</sometag>')
self.assertEqual(
HREF_RE.search(output).groups()[0],
- 'http://xn--example--7za4pnc.com/%3Csometag%3Esome%20text%3C/sometag%3E',
+ 'http://xn--example--7za4pnc.com/%3Csometag%3Esome-text%3C/sometag%3E',
)
self.assertEqual(
TEXT_RE.search(output).groups()[0],
- 'http://example-äüö.com/&lt;sometag&gt;some text&lt;/sometag&gt;',
+ 'http://example-äüö.com/&lt;sometag&gt;some-text&lt;/sometag&gt;',
)
self.assertEqual(
VALUE_RE.search(output).groups()[0],
- 'http://example-äüö.com/&lt;sometag&gt;some text&lt;/sometag&gt;',
+ 'http://example-äüö.com/&lt;sometag&gt;some-text&lt;/sometag&gt;',
)
output = w.render('test', 'http://www.example.com/%C3%A4"><script>alert("XSS!")</script>"')
self.assertEqual(
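Review bot: Replacing `some text` with `some-text` in every input and expectation removes the only coverage in this test of a space being percent-encoded to `%20` in the `href`. Presumably a URL containing a space no longer passes validation and so no longer renders a link, but the hunk neither says so nor asserts it. Consider a one-line comment above the first `w.render(...)` call, e.g. `# No spaces: a URL with a space fails validation and renders no link.`, and a separate assertion that the space-containing value produces no `href`, so the old behaviour is replaced by a checked expectation rather than dropped. The test method starts and ends outside this hunk.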