mirror of
				https://github.com/django/django.git
	Fixed urlize regression with entities in query strings
Refs #22267. Thanks Shai Berger for spotting the issue and Tim Graham for the initial patch.
		| @@ -282,17 +282,17 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False): | |||||||
|         smart_urlquote. For example: |         smart_urlquote. For example: | ||||||
|         http://example.com?x=1&y=<2> => http://example.com?x=1&y=<2> |         http://example.com?x=1&y=<2> => http://example.com?x=1&y=<2> | ||||||
|         """ |         """ | ||||||
|         if not safe_input: |  | ||||||
|             return text, text, trail |  | ||||||
|         unescaped = (text + trail).replace( |         unescaped = (text + trail).replace( | ||||||
|             '&', '&').replace('<', '<').replace( |             '&', '&').replace('<', '<').replace( | ||||||
|             '>', '>').replace('"', '"').replace(''', "'") |             '>', '>').replace('"', '"').replace(''', "'") | ||||||
|         # ';' in trail can be either trailing punctuation or end-of-entity marker |         if trail and unescaped.endswith(trail): | ||||||
|         if unescaped.endswith(';'): |             # Remove trail for unescaped if it was not consumed by unescape | ||||||
|             return text, unescaped[:-1], trail |             unescaped = unescaped[:-len(trail)] | ||||||
|         else: |         elif trail == ';': | ||||||
|  |             # Trail was consumed by unescape (as end-of-entity marker), move it to text | ||||||
|             text += trail |             text += trail | ||||||
|             return text, unescaped, '' |             trail = '' | ||||||
|  |         return text, unescaped, trail | ||||||
|  |  | ||||||
|     words = word_split_re.split(force_text(text)) |     words = word_split_re.split(force_text(text)) | ||||||
|     for i, word in enumerate(words): |     for i, word in enumerate(words): | ||||||
|   | |||||||
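Review bot: With the `safe_input` early return removed, every matched URL now goes through the chained `.replace()` decode, including text that was never HTML-escaped, and that chain is order-sensitive. The entity literals are rendered already-decoded on this page, so the order is inferred, but if the ampersand entity is replaced first then an input like `&amp;lt;` is decoded twice and reaches smart_urlquote as `<`, so the generated href no longer matches the visible link text. Moving `.replace('&amp;', '&')` to the end of the chain keeps it a single-pass decode. The docstring still opens with "If input URL is HTML-escaped", which no longer describes when the decode runs; its first lines and the function signature are outside this hunk.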
| @@ -73,6 +73,14 @@ class UrlizeTests(SimpleTestCase): | |||||||
|             'Email me at <<a href="mailto:me@example.com">me@example.com</a>>', |             'Email me at <<a href="mailto:me@example.com">me@example.com</a>>', | ||||||
|         ) |         ) | ||||||
|  |  | ||||||
|  |     @setup({'urlize09': '{% autoescape off %}{{ a|urlize }}{% endautoescape %}'}) | ||||||
|  |     def test_urlize09(self): | ||||||
|  |         output = self.engine.render_to_string('urlize09', {'a': "http://example.com/?x=&y=<2>"}) | ||||||
|  |         self.assertEqual( | ||||||
|  |             output, | ||||||
|  |             '<a href="http://example.com/?x=&y=%3C2%3E" rel="nofollow">http://example.com/?x=&y=<2></a>', | ||||||
|  |         ) | ||||||
|  |  | ||||||
|  |  | ||||||
| class FunctionTests(SimpleTestCase): | class FunctionTests(SimpleTestCase): | ||||||
|  |  | ||||||
|   | |||||||