mirror of https://github.com/django/django.git synced 2025-10-25 22:56:12 +00:00

Fixed escaping regression in urlize filter.

Now that the URL is always unescaped as of refs #22267,
we should re-escape it before inserting it into the anchor.
Tim Graham
2015-03-10 18:40:33 -04:00
parent 57d42aef97
commit 7b1a67cce5
3 changed files with 11 additions and 11 deletions


@@ -337,7 +337,7 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
if autoescape and not safe_input:
lead, trail = escape(lead), escape(trail)
trimmed = escape(trimmed)
middle = '<a href="%s"%s>%s</a>' % (url, nofollow_attr, trimmed)
middle = '<a href="%s"%s>%s</a>' % (escape(url), nofollow_attr, trimmed)
words[i] = mark_safe('%s%s%s' % (lead, middle, trail))
else:
if safe_input:
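Review bot: The new `middle = ...` line escapes `url` with no comment saying why it is escaped independently of `autoescape`, yet the result goes straight into `mark_safe` on the next line, so this call is the only thing keeping a quote or angle bracket in the URL inside the `href` attribute. Indentation is lost in this rendering, so I am assuming the line sits outside the `if autoescape and not safe_input:` branch. If so, add `# url was unescaped earlier, so always re-escape it before it goes into the href` above it, so a later refactor does not fold the escape back into the conditional. A regression test with `"` and `&` in the URL under both `autoescape=True` and `autoescape=False` would pin this, if the other two changed files do not already cover it. The body of `urlize` starts and ends outside the hunk.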