mirror of https://github.com/django/django.git synced 2025-01-11 19:06:26 +00:00

Fixed -- Made mailto punctuation percent-encoded in Urlizer.

Urlizer was not properly encoding email addresses containing punctuation
in generated mailto links. Per RFC 6068, fixed by percent encoding
(urllib.parse.quote) the local and domain address parts.
Mike Edmunds 2024-12-14 15:57:41 -08:00 committed by Sarah Boyce
parent b44efdfe54
commit 322e49ba30
2 changed files with 15 additions and 0 deletions
django/utils
tests/utils_tests


@ -357,6 +357,8 @@ class Urlizer:
domain = punycode(domain)
except UnicodeError:
return word
local = quote(local, safe="")
domain = quote(domain, safe="")
url = self.mailto_template.format(local=local, domain=domain)
nofollow_attr = ""
# Make link.
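Review bot: The two `quote(..., safe="")` calls are the security-relevant part of this change but carry no comment explaining why they are there or why `safe` is emptied. Without encoding, a "?", "&" or "=" taken from the address would be read in the mailto URI as the start of header fields rather than as part of the recipient. `urllib.parse.quote` leaves "/" unencoded by default, so `safe=""` is what makes the encoding complete. I would add above them: `# RFC 6068: percent-encode so "?", "&", "=" in the address cannot start mailto header fields; safe="" also encodes "/".` The enclosing method starts and ends outside this hunk, so how `url` is escaped when it is placed into the href is not visible here.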


@ -376,6 +376,19 @@ class TestUtilsHtml(SimpleTestCase):
+ "한.글." * 15
+ "aaa</a>",
),
(
# RFC 6068 requires a mailto URI to percent-encode a number of
# characters that can appear in <addr-spec>.
"yes;this=is&a%valid!email@example.com",
'<a href="mailto:yes%3Bthis%3Dis%26a%25valid%21email@example.com"'
">yes;this=is&a%valid!email@example.com</a>",
),
(
# Urlizer shouldn't urlize the "?org" part of this. But since
# it does, RFC 6068 requires percent encoding the "?".
"test@example.com?org",
'<a href="mailto:test@example.com%3Forg">test@example.com?org</a>',
),
)
for value, output in tests:
with self.subTest(value=value):
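Review bot: Neither new case would fail if `safe=""` were later dropped from the `quote()` calls, because no input contains "/", the one character `quote` leaves unencoded by default. A case with a slash in the local part would pin that, for example (constructed) `("a/b@example.com", '<a href="mailto:a%2Fb@example.com">a/b@example.com</a>'),`. This assumes Urlizer treats that word as an email address, which this hunk does not show. Both cases also exercise only characters adjacent to the local part or trailing the domain, so the `quote(domain, safe="")` line on an ordinary domain is checked only for leaving it unchanged. The test method starts and ends outside the hunk.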