[1.8.x] Fixed escaping regression in urlize filter.
Now that the URL is always unescaped as of refs #22267,
we should re-escape it before inserting it into the anchor.
Backport of 7b1a67cce5
from master
parent
12e199356e
commit
aba74d6f1e
@ -345,7 +345,7 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
|
|||||||
if autoescape and not safe_input:
|
if autoescape and not safe_input:
|
||||||
lead, trail = escape(lead), escape(trail)
|
lead, trail = escape(lead), escape(trail)
|
||||||
trimmed = escape(trimmed)
|
trimmed = escape(trimmed)
|
||||||
middle = '<a href="%s"%s>%s</a>' % (url, nofollow_attr, trimmed)
|
middle = '<a href="%s"%s>%s</a>' % (escape(url), nofollow_attr, trimmed)
|
||||||
words[i] = mark_safe('%s%s%s' % (lead, middle, trail))
|
words[i] = mark_safe('%s%s%s' % (lead, middle, trail))
|
||||||
else:
|
else:
|
||||||
if safe_input:
|
if safe_input:
|
||||||
|
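Review bot: The new `escape(url)` on the `middle = '<a href="%s"%s>%s</a>' % (...)` line carries no comment explaining why the href is escaped separately from `trimmed`. This rendering drops indentation, so it is not visible whether that line runs only under `if autoescape and not safe_input:`. Going by the commit message the URL is always unescaped beforehand, so the re-escape presumably has to apply on every path, including safe input and autoescape off; otherwise markup-significant characters in the URL would reach the attribute unescaped. I would add `# url was unescaped earlier; always re-escape it for the href attribute, regardless of autoescape` above the line, and a test that renders a URL containing `&` under `{% autoescape off %}` to pin that. The body of urlize starts and ends outside the hunk.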
@ -18,8 +18,8 @@ class UrlizeTests(SimpleTestCase):
|
|||||||
)
|
)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
output,
|
output,
|
||||||
'<a href="http://example.com/?x=&y=" rel="nofollow">http://example.com/?x=&y=</a> '
|
'<a href="http://example.com/?x=&y=" rel="nofollow">http://example.com/?x=&y=</a> '
|
||||||
'<a href="http://example.com?x=&y=%3C2%3E" rel="nofollow">http://example.com?x=&y=<2></a>'
|
'<a href="http://example.com?x=&y=%3C2%3E" rel="nofollow">http://example.com?x=&y=<2></a>'
|
||||||
)
|
)
|
||||||
|
|
||||||
@setup({'urlize02': '{{ a|urlize }} {{ b|urlize }}'})
|
@setup({'urlize02': '{{ a|urlize }} {{ b|urlize }}'})
|
||||||
@ -30,8 +30,8 @@ class UrlizeTests(SimpleTestCase):
|
|||||||
)
|
)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
output,
|
output,
|
||||||
'<a href="http://example.com/?x=&y=" rel="nofollow">http://example.com/?x=&y=</a> '
|
'<a href="http://example.com/?x=&y=" rel="nofollow">http://example.com/?x=&y=</a> '
|
||||||
'<a href="http://example.com?x=&y=" rel="nofollow">http://example.com?x=&y=</a>'
|
'<a href="http://example.com?x=&y=" rel="nofollow">http://example.com?x=&y=</a>'
|
||||||
)
|
)
|
||||||
|
|
||||||
@setup({'urlize03': '{% autoescape off %}{{ a|urlize }}{% endautoescape %}'})
|
@setup({'urlize03': '{% autoescape off %}{{ a|urlize }}{% endautoescape %}'})
|
||||||
@ -78,7 +78,7 @@ class UrlizeTests(SimpleTestCase):
|
|||||||
output = self.engine.render_to_string('urlize09', {'a': "http://example.com/?x=&y=<2>"})
|
output = self.engine.render_to_string('urlize09', {'a': "http://example.com/?x=&y=<2>"})
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
output,
|
output,
|
||||||
'<a href="http://example.com/?x=&y=%3C2%3E" rel="nofollow">http://example.com/?x=&y=<2></a>',
|
'<a href="http://example.com/?x=&y=%3C2%3E" rel="nofollow">http://example.com/?x=&y=<2></a>',
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@ -19,8 +19,8 @@ class UrlizetruncTests(SimpleTestCase):
|
|||||||
)
|
)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
output,
|
output,
|
||||||
'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> '
|
'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> '
|
||||||
'"Safe" <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'
|
'"Safe" <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'
|
||||||
)
|
)
|
||||||
|
|
||||||
@setup({'urlizetrunc02': '{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}'})
|
@setup({'urlizetrunc02': '{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}'})
|
||||||
@ -34,8 +34,8 @@ class UrlizetruncTests(SimpleTestCase):
|
|||||||
)
|
)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
output,
|
output,
|
||||||
'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> '
|
'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> '
|
||||||
'"Safe" <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'
|
'"Safe" <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
@ -72,7 +72,7 @@ class FunctionTests(SimpleTestCase):
|
|||||||
def test_query_string(self):
|
def test_query_string(self):
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
urlizetrunc('http://www.google.co.uk/search?hl=en&q=some+long+url&btnG=Search&meta=', 20),
|
urlizetrunc('http://www.google.co.uk/search?hl=en&q=some+long+url&btnG=Search&meta=', 20),
|
||||||
'<a href="http://www.google.co.uk/search?hl=en&q=some+long+url&btnG=Search&'
|
'<a href="http://www.google.co.uk/search?hl=en&q=some+long+url&btnG=Search&'
|
||||||
'meta=" rel="nofollow">http://www.google...</a>',
|
'meta=" rel="nofollow">http://www.google...</a>',
|
||||||
)
|
)
|
||||||
|
|
||||||
|