From f6ad8c7676f85dfde5a279b6b1469251421289e2 Mon Sep 17 00:00:00 2001 From: Shai Berger Date: Mon, 19 Feb 2024 13:56:37 +0100 Subject: Refs CVE-2024-27351 -- Forwardported release notes and tests. Co-Authored-By: Mariusz Felisiak --- tests/utils_tests/test_text.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'tests/utils_tests') diff --git a/tests/utils_tests/test_text.py b/tests/utils_tests/test_text.py index b38d8238c5..ab2cfb3f7c 100644 --- a/tests/utils_tests/test_text.py +++ b/tests/utils_tests/test_text.py @@ -292,6 +292,33 @@ class TestUtilsText(SimpleTestCase): truncator = text.Truncator("foo

") self.assertEqual("foo

", truncator.words(3, html=True)) + # Only open brackets. + truncator = text.Truncator("<" * 60_000) + self.assertEqual(truncator.words(1, html=True), "<…") + + # Tags with special chars in attrs. + truncator = text.Truncator( + """Hello, my dear lady!""" + ) + self.assertEqual( + """Hello, my dear…""", + truncator.words(3, html=True), + ) + + # Tags with special non-latin chars in attrs. + truncator = text.Truncator("""

Hello, my dear lady!

""") + self.assertEqual( + """

Hello, my dear…

""", + truncator.words(3, html=True), + ) + + # Misplaced brackets. + truncator = text.Truncator("hello >< world") + self.assertEqual(truncator.words(1, html=True), "hello…") + self.assertEqual(truncator.words(2, html=True), "hello >…") + self.assertEqual(truncator.words(3, html=True), "hello ><…") + self.assertEqual(truncator.words(4, html=True), "hello >< world") + @patch("django.utils.text.Truncator.MAX_LENGTH_HTML", 10_000) def test_truncate_words_html_size_limit(self): max_len = text.Truncator.MAX_LENGTH_HTML -- cgit v1.3