From 322e49ba3071022dde96f6aae71a578a1588db33 Mon Sep 17 00:00:00 2001
From: Mike Edmunds
Date: Sat, 14 Dec 2024 15:57:41 -0800
Subject: [PATCH] Fixed #36012 -- Made mailto punctuation percent-encoded in Urlizer.
Urlizer was not properly encoding email addresses containing punctuation in generated mailto links. Per RFC 6068, fixed by percent encoding (urllib.parse.quote) the local and domain address parts.
---
 django/utils/html.py | 2 ++
 tests/utils_tests/test_html.py | 13 +++++++++++++
 2 files changed, 15 insertions(+)
diff --git a/django/utils/html.py b/django/utils/html.py
index bc336d88a6..0d107a0da9 100644
--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -357,6 +357,8 @@ class Urlizer:
 domain = punycode(domain)
 except UnicodeError:
 return word
+ local = quote(local, safe="")
+ domain = quote(domain, safe="")
 url = self.mailto_template.format(local=local, domain=domain)
 nofollow_attr = ""
 # Make link.
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index dc3768e6fa..0beaf98bff 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -376,6 +376,19 @@ class TestUtilsHtml(SimpleTestCase):
 + "한.글." * 15 + "aaa", ), + ( + # RFC 6068 requires a mailto URI to percent-encode a number of + # characters that can appear in . + "yes;this=is&a%valid!email@example.com", + 'yes;this=is&a%valid!email@example.com", + ), + ( + # Urlizer shouldn't urlize the "?org" part of this. But since + # it does, RFC 6068 requires percent encoding the "?". + "test@example.com?org", + 'test@example.com?org', + ), ) for value, output in tests: with self.subTest(value=value):
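Review bot: The two added `quote(..., safe="")` lines in django/utils/html.py have no comment explaining why `safe=""` is passed or why they must follow the punycode step, and a later reader could take the argument for redundant and drop it. I would put `# RFC 6068: percent-encode both address parts; safe="" so "/" is encoded too and "?" or "&" in the text cannot start mailto header fields.` directly above them. It is also worth one line noting that the encoding runs after `punycode(domain)`; from what is visible, reversing the order would presumably percent-encode a non-ASCII domain before it could be converted. The enclosing method starts and ends outside the hunk, and the import of `quote` is not shown, so confirm the name is already in scope in this module.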
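Review bot: None of the addresses added in tests/utils_tests/test_html.py contains a `/`, so both new cases would still pass if `safe=""` were removed from the `quote()` calls, because `quote` leaves `/` unescaped by default. A further tuple with a slash in the local part would pin that argument, for example the constructed input `"a/b@example.com"` with an expected href of `mailto:a%2Fb@example.com`. Whether Urlizer accepts that string as an email address depends on a check that is not visible in this hunk, so verify it before adding the case. The test method that owns this tuple list starts outside the hunk.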