mirror of
https://github.com/django/django.git
synced 2024-12-01 15:42:04 +01:00
Fixed escaping regression in urlize filter.
Now that the URL is always unescaped as of refs #22267, we should re-escape it before inserting it into the anchor.
This commit is contained in:
parent
57d42aef97
commit
7b1a67cce5
@ -337,7 +337,7 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
|
||||
if autoescape and not safe_input:
|
||||
lead, trail = escape(lead), escape(trail)
|
||||
trimmed = escape(trimmed)
|
||||
middle = '<a href="%s"%s>%s</a>' % (url, nofollow_attr, trimmed)
|
||||
middle = '<a href="%s"%s>%s</a>' % (escape(url), nofollow_attr, trimmed)
|
||||
words[i] = mark_safe('%s%s%s' % (lead, middle, trail))
|
||||
else:
|
||||
if safe_input:
|
||||
|
@ -18,8 +18,8 @@ class UrlizeTests(SimpleTestCase):
|
||||
)
|
||||
self.assertEqual(
|
||||
output,
|
||||
'<a href="http://example.com/?x=&y=" rel="nofollow">http://example.com/?x=&y=</a> '
|
||||
'<a href="http://example.com?x=&y=%3C2%3E" rel="nofollow">http://example.com?x=&y=<2></a>'
|
||||
'<a href="http://example.com/?x=&y=" rel="nofollow">http://example.com/?x=&y=</a> '
|
||||
'<a href="http://example.com?x=&y=%3C2%3E" rel="nofollow">http://example.com?x=&y=<2></a>'
|
||||
)
|
||||
|
||||
@setup({'urlize02': '{{ a|urlize }} {{ b|urlize }}'})
|
||||
@ -30,8 +30,8 @@ class UrlizeTests(SimpleTestCase):
|
||||
)
|
||||
self.assertEqual(
|
||||
output,
|
||||
'<a href="http://example.com/?x=&y=" rel="nofollow">http://example.com/?x=&y=</a> '
|
||||
'<a href="http://example.com?x=&y=" rel="nofollow">http://example.com?x=&y=</a>'
|
||||
'<a href="http://example.com/?x=&y=" rel="nofollow">http://example.com/?x=&y=</a> '
|
||||
'<a href="http://example.com?x=&y=" rel="nofollow">http://example.com?x=&y=</a>'
|
||||
)
|
||||
|
||||
@setup({'urlize03': '{% autoescape off %}{{ a|urlize }}{% endautoescape %}'})
|
||||
@ -78,7 +78,7 @@ class UrlizeTests(SimpleTestCase):
|
||||
output = self.engine.render_to_string('urlize09', {'a': "http://example.com/?x=&y=<2>"})
|
||||
self.assertEqual(
|
||||
output,
|
||||
'<a href="http://example.com/?x=&y=%3C2%3E" rel="nofollow">http://example.com/?x=&y=<2></a>',
|
||||
'<a href="http://example.com/?x=&y=%3C2%3E" rel="nofollow">http://example.com/?x=&y=<2></a>',
|
||||
)
|
||||
|
||||
|
||||
|
@ -19,8 +19,8 @@ class UrlizetruncTests(SimpleTestCase):
|
||||
)
|
||||
self.assertEqual(
|
||||
output,
|
||||
'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> '
|
||||
'"Safe" <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'
|
||||
'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> '
|
||||
'"Safe" <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'
|
||||
)
|
||||
|
||||
@setup({'urlizetrunc02': '{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}'})
|
||||
@ -34,8 +34,8 @@ class UrlizetruncTests(SimpleTestCase):
|
||||
)
|
||||
self.assertEqual(
|
||||
output,
|
||||
'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> '
|
||||
'"Safe" <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'
|
||||
'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> '
|
||||
'"Safe" <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'
|
||||
)
|
||||
|
||||
|
||||
@ -72,7 +72,7 @@ class FunctionTests(SimpleTestCase):
|
||||
def test_query_string(self):
|
||||
self.assertEqual(
|
||||
urlizetrunc('http://www.google.co.uk/search?hl=en&q=some+long+url&btnG=Search&meta=', 20),
|
||||
'<a href="http://www.google.co.uk/search?hl=en&q=some+long+url&btnG=Search&'
|
||||
'<a href="http://www.google.co.uk/search?hl=en&q=some+long+url&btnG=Search&'
|
||||
'meta=" rel="nofollow">http://www.google...</a>',
|
||||
)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user