1
0
mirror of https://github.com/django/django.git synced 2025-10-23 21:59:11 +00:00

Fixed #29525 -- Allowed is_safe_url()'s allowed_hosts arg to be a string.

This commit is contained in:
Przemysław Suliga
2018-06-22 11:21:52 +02:00
committed by Tim Graham
parent b5dd6ef3d5
commit d22b90b4ea
3 changed files with 7 additions and 0 deletions

View File

@@ -165,6 +165,10 @@ class IsSafeURLTests(unittest.TestCase):
# Basic auth without host is not allowed.
self.assertIs(is_safe_url(r'http://testserver\@example.com', allowed_hosts=None), False)
def test_allowed_hosts_str(self):
self.assertIs(is_safe_url('http://good.com/good', allowed_hosts='good.com'), True)
self.assertIs(is_safe_url('http://good.co/evil', allowed_hosts='good.com'), False)
def test_secure_param_https_urls(self):
secure_urls = (
'https://example.com/p',