Fixed urlize regression with entities in query strings
Refs #22267. Thanks Shai Berger for spotting the issue and Tim Graham for the initial patch.
@@ -282,17 +282,17 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
|
|||||||
smart_urlquote. For example:
|
smart_urlquote. For example:
|
||||||
http://example.com?x=1&y=<2> => http://example.com?x=1&y=<2>
|
http://example.com?x=1&y=<2> => http://example.com?x=1&y=<2>
|
||||||
"""
|
"""
|
||||||
if not safe_input:
|
|
||||||
return text, text, trail
|
|
||||||
unescaped = (text + trail).replace(
|
unescaped = (text + trail).replace(
|
||||||
'&', '&').replace('<', '<').replace(
|
'&', '&').replace('<', '<').replace(
|
||||||
'>', '>').replace('"', '"').replace(''', "'")
|
'>', '>').replace('"', '"').replace(''', "'")
|
||||||
# ';' in trail can be either trailing punctuation or end-of-entity marker
|
if trail and unescaped.endswith(trail):
|
||||||
if unescaped.endswith(';'):
|
# Remove trail for unescaped if it was not consumed by unescape
|
||||||
return text, unescaped[:-1], trail
|
unescaped = unescaped[:-len(trail)]
|
||||||
else:
|
elif trail == ';':
|
||||||
|
# Trail was consumed by unescape (as end-of-entity marker), move it to text
|
||||||
text += trail
|
text += trail
|
||||||
return text, unescaped, ''
|
trail = ''
|
||||||
|
return text, unescaped, trail
|
||||||
|
|
||||||
words = word_split_re.split(force_text(text))
|
words = word_split_re.split(force_text(text))
|
||||||
for i, word in enumerate(words):
|
for i, word in enumerate(words):
|
||||||
|
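Review bot: A trail longer than one character whose leading `;` closed an entity matches neither `if trail and unescaped.endswith(trail)` nor `elif trail == ';'`, so `unescaped` keeps the remaining punctuation while `trail` is returned unchanged. Whether the caller can pass such a trail is not visible here, because `unescape` is called from the part of `urlize` outside this hunk; if it can, that punctuation would land both inside the href and after the link, and the entity's `;` would be rendered outside the link text. Handling the leading `;` on its own, as sketched below, covers that input, and a test with an escaped URL followed by `.` would pin it. The entity literals in the `replace` chain are not legible in this rendering, so the sketch leaves that statement alone.

```python
if trail and unescaped.endswith(trail):
    # … unchanged: strip the unconsumed trail from unescaped …
elif trail.startswith(';'):
    # The leading ';' closed an entity: hand it back to text and strip
    # only the punctuation that follows it from unescaped.
    text += ';'
    trail = trail[1:]
    if trail and unescaped.endswith(trail):
        unescaped = unescaped[:-len(trail)]
return text, unescaped, trail
```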
@@ -73,6 +73,14 @@ class UrlizeTests(SimpleTestCase):
|
|||||||
'Email me at <<a href="mailto:me@example.com">me@example.com</a>>',
|
'Email me at <<a href="mailto:me@example.com">me@example.com</a>>',
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@setup({'urlize09': '{% autoescape off %}{{ a|urlize }}{% endautoescape %}'})
|
||||||
|
def test_urlize09(self):
|
||||||
|
output = self.engine.render_to_string('urlize09', {'a': "http://example.com/?x=&y=<2>"})
|
||||||
|
self.assertEqual(
|
||||||
|
output,
|
||||||
|
'<a href="http://example.com/?x=&y=%3C2%3E" rel="nofollow">http://example.com/?x=&y=<2></a>',
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class FunctionTests(SimpleTestCase):
|
class FunctionTests(SimpleTestCase):
|
||||||
|
|
||||||
|