Fixed urlize regression with entities in query strings

Refs #22267.
Thanks Shai Berger for spotting the issue and Tim Graham for the
initial patch.

django/utils/html.py

@@ -282,17 +282,17 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
         smart_urlquote. For example:
         http://example.com?x=1&amp;y=&lt;2&gt; => http://example.com?x=1&y=<2>
         """
-        if not safe_input:
-            return text, text, trail
         unescaped = (text + trail).replace(
             '&amp;', '&').replace('&lt;', '<').replace(
             '&gt;', '>').replace('&quot;', '"').replace('&#39;', "'")
-        # ';' in trail can be either trailing punctuation or end-of-entity marker
-        if unescaped.endswith(';'):
-            return text, unescaped[:-1], trail
-        else:
+        if trail and unescaped.endswith(trail):
+            # Remove trail for unescaped if it was not consumed by unescape
+            unescaped = unescaped[:-len(trail)]
+        elif trail == ';':
+            # Trail was consumed by unescape (as end-of-entity marker), move it to text
             text += trail
-            return text, unescaped, ''
+            trail = ''
+        return text, unescaped, trail
 
     words = word_split_re.split(force_text(text))
     for i, word in enumerate(words):