django/django
1
1
Fork 0
mirror of https://github.com/django/django.git synced 2025-09-05 11:55:02 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixed #35533 -- Prevented urlize creating broken links given a markdown link input.

Browse Source 
Signed-off-by: SaJH <wogur981208@gmail.com>
This commit is contained in:
SaJH 2025-08-27 23:25:43 +09:00 committed by Sarah Boyce
parent 05bac8c420
commit a9fe98d5bd
3 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
django/utils/html.py
View File

@ -10,7 +10,7 @@ from urllib.parse import parse_qsl, quote, unquote, urlencode, urlsplit, urlunsp
from django.conf import settings from django.conf import settings
from django.core.exceptions import SuspiciousOperation, ValidationError from django.core.exceptions import SuspiciousOperation, ValidationError
from django.core.validators import EmailValidator from django.core.validators import DomainNameValidator, EmailValidator
from django.utils.deprecation import RemovedInDjango70Warning from django.utils.deprecation import RemovedInDjango70Warning
from django.utils.functional import Promise, cached_property, keep_lazy, keep_lazy_text from django.utils.functional import Promise, cached_property, keep_lazy, keep_lazy_text
from django.utils.http import MAX_URL_LENGTH, RFC3986_GENDELIMS, RFC3986_SUBDELIMS from django.utils.http import MAX_URL_LENGTH, RFC3986_GENDELIMS, RFC3986_SUBDELIMS
@ -296,7 +296,9 @@ class Urlizer:
simple_url_re = _lazy_re_compile(r"^https?://\[?\w", re.IGNORECASE) simple_url_re = _lazy_re_compile(r"^https?://\[?\w", re.IGNORECASE)
simple_url_2_re = _lazy_re_compile( simple_url_2_re = _lazy_re_compile(
r"^www\.|^(?!http)\w[^@]+\.(com|edu|gov|int|mil|net|org)($|/.*)$", re.IGNORECASE rf"^www\.|^(?!http)(?:{DomainNameValidator.hostname_re})"
r"\.(com|edu|gov|int|mil|net|org)($|/.*)$",
re.IGNORECASE,
) )
word_split_re = _lazy_re_compile(r"""([\s<>"']+)""") word_split_re = _lazy_re_compile(r"""([\s<>"']+)""")

5
tests/template_tests/filter_tests/test_urlize.py
View File

@ -359,9 +359,8 @@ class FunctionTests(SimpleTestCase):
"www.example.com</a>]", "www.example.com</a>]",
) )
self.assertEqual( self.assertEqual(
urlize("see test[at[example.com"), urlize("see test[at[example.com"), # Invalid hostname.
'see <a href="https://test[at[example.com" rel="nofollow">' "see test[at[example.com",
"test[at[example.com</a>",
) )
self.assertEqual( self.assertEqual(
urlize("[http://168.192.0.1](http://168.192.0.1)"), urlize("[http://168.192.0.1](http://168.192.0.1)"),

1
tests/utils_tests/test_html.py
View File

@ -489,6 +489,7 @@ class TestUtilsHtml(SimpleTestCase):
"foo@localhost.", "foo@localhost.",
"test@example?;+!.com", "test@example?;+!.com",
"email me@example.com,then I'll respond", "email me@example.com,then I'll respond",
"[a link](https://www.djangoproject.com/)",
# trim_punctuation catastrophic tests # trim_punctuation catastrophic tests
"(" * 100_000 + ":" + ")" * 100_000, "(" * 100_000 + ":" + ")" * 100_000,
"(" * 100_000 + "&:" + ")" * 100_000, "(" * 100_000 + "&:" + ")" * 100_000,