mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

[5.1.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.

Browse Source 
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
This commit is contained in:
Sarah Boyce
2024-08-12 15:17:57 +02:00
committed by Natalia
parent 6203965960
commit 022ab0a75c
7 changed files with 46 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
tests/template_tests/filter_tests/test_urlize.py
View File

@@ -321,6 +321,11 @@ class FunctionTests(SimpleTestCase):
'<a href="http://example.com?x=" rel="nofollow">'
"http://example.com?x=&amp;</a>;;",
)
self.assertEqual(
urlize("http://example.com?x=&amp.;...;", autoescape=False),
'<a href="http://example.com?x=" rel="nofollow">'
"http://example.com?x=&amp</a>.;...;",
)
def test_brackets(self):
"""

1
tests/utils_tests/test_html.py
View File

@@ -375,6 +375,7 @@ class TestUtilsHtml(SimpleTestCase):
"&:" + ";" * 100_000,
"&.;" * 100_000,
".;" * 100_000,
"&" + ";:" * 100_000,
)
for value in tests:
with self.subTest(value=value):