Refs #30747 -- Removed django.utils.http.is_safe_url() per deprecation timeline.

django/utils/http.py

@@ -3,7 +3,6 @@ import calendar
 import datetime
 import re
 import unicodedata
-import warnings
 from binascii import Error as BinasciiError
 from email.utils import formatdate
 from urllib.parse import (
@@ -12,7 +11,6 @@ from urllib.parse import (
 )
 
 from django.utils.datastructures import MultiValueDict
-from django.utils.deprecation import RemovedInDjango40Warning
 from django.utils.regex_helper import _lazy_re_compile
 
 # based on RFC 7232, Appendix C
@@ -267,15 +265,6 @@ def url_has_allowed_host_and_scheme(url, allowed_hosts, require_https=False):
     )
 
 
-def is_safe_url(url, allowed_hosts, require_https=False):
-    warnings.warn(
-        'django.utils.http.is_safe_url() is deprecated in favor of '
-        'url_has_allowed_host_and_scheme().',
-        RemovedInDjango40Warning, stacklevel=2,
-    )
-    return url_has_allowed_host_and_scheme(url, allowed_hosts, require_https)
-
-
 # Copied from urllib.parse.urlparse() but uses fixed urlsplit() function.
 def _urlparse(url, scheme='', allow_fragments=True):
     """Parse a URL into 6 components:

docs/releases/4.0.txt

@@ -262,6 +262,8 @@ to remove usage of these features.
 
 * ``django.utils.text.unescape_entities()`` is removed.
 
+* ``django.utils.http.is_safe_url()`` is removed.
+
 See :ref:`deprecated-features-3.1` for details on these changes, including how
 to remove usage of these features.
 

tests/utils_tests/test_http.py

@@ -5,12 +5,11 @@ from unittest import mock
 
 from django.test import SimpleTestCase
 from django.utils.datastructures import MultiValueDict
-from django.utils.deprecation import RemovedInDjango40Warning
 from django.utils.http import (
     base36_to_int, escape_leading_slashes, http_date, int_to_base36,
-    is_safe_url, is_same_domain, parse_etags, parse_http_date, parse_qsl,
+    is_same_domain, parse_etags, parse_http_date, parse_qsl, quote_etag,
-    quote_etag, url_has_allowed_host_and_scheme, urlencode,
+    url_has_allowed_host_and_scheme, urlencode, urlsafe_base64_decode,
-    urlsafe_base64_decode, urlsafe_base64_encode,
+    urlsafe_base64_encode,
 )
 
 
@@ -130,7 +129,7 @@ class Base36IntTests(SimpleTestCase):
             self.assertEqual(base36_to_int(b36), n)
 
 
-class IsSafeURLTests(SimpleTestCase):
+class URLHasAllowedHostAndSchemeTests(unittest.TestCase):
     def test_bad_urls(self):
         bad_urls = (
             'http://example.com',
@@ -234,14 +233,6 @@ class IsSafeURLTests(SimpleTestCase):
                     False,
                 )
 
-    def test_is_safe_url_deprecated(self):
-        msg = (
-            'django.utils.http.is_safe_url() is deprecated in favor of '
-            'url_has_allowed_host_and_scheme().'
-        )
-        with self.assertWarnsMessage(RemovedInDjango40Warning, msg):
-            is_safe_url('https://example.com', allowed_hosts={'example.com'})
-
 
 class URLSafeBase64Tests(unittest.TestCase):
     def test_roundtrip(self):