
Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.

Thanks Florian Apolloner for assisting with the patch.
This commit is contained in:
Tim Graham
2018-02-24 11:30:11 -05:00
parent 4d2a2c83c7
commit 8618271caa
5 changed files with 63 additions and 12 deletions


@@ -253,3 +253,12 @@ class TestUtilsHtml(SimpleTestCase):
for value, output in tests:
with self.subTest(value=value):
self.assertEqual(urlize(value), output)
def test_urlize_unchanged_inputs(self):
tests = (
('a' + '@a' * 50000) + 'a', # simple_email_re catastrophic test
('a' + '.' * 1000000) + 'a', # trailing_punctuation catastrophic test
)
for value in tests:
with self.subTest(value=value):
self.assertEqual(urlize(value), value)
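Review bot: `with self.subTest(value=value):` hands the full input to the subtest as its parameter, so any failure would embed the 100k- and 1M-character strings in the test report; a short label such as `with self.subTest(value=value[:20], length=len(value)):` identifies the case without that. The new test also has no docstring, and its purpose is not obvious from the name alone: `"""Regression test for CVE-2018-7536: inputs that previously caused catastrophic backtracking in urlize must be returned unchanged."""` would make it clear that a regression shows up as the test hanging rather than as an assertion failure. The inline comments on the two tuple entries already name the regexes involved, which is useful; keep them. The enclosing class TestUtilsHtml starts outside the hunk.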