Prevented reverse() from generating URLs pointing to other hosts.

This is a security fix. Disclosure following shortly.
2025-10-23 21:59:11 +00:00 · 2014-07-17 21:59:28 +02:00
parent ec71191be0
commit 28e765810d
6 changed files with 50 additions and 1 deletions
--- a/tests/urlpatterns_reverse/tests.py
+++ b/tests/urlpatterns_reverse/tests.py
@@ -152,6 +152,9 @@ test_data = (
    ('defaults', '/defaults_view2/3/', [], {'arg1': 3, 'arg2': 2}),
    ('defaults', NoReverseMatch, [], {'arg1': 3, 'arg2': 3}),
    ('defaults', NoReverseMatch, [], {'arg2': 1}),
+
+    # Security tests
+    ('security', '/%2Fexample.com/security/', ['/example.com'], {}),
 )