From 7b1a67cce52e5c191fbfa1bca501c6f0222db019 Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Tue, 10 Mar 2015 18:40:33 -0400 Subject: [PATCH] Fixed escaping regression in urlize filter. Now that the URL is always unescaped as of refs #22267, we should re-escape it before inserting it into the anchor. --- django/utils/html.py | 2 +- tests/template_tests/filter_tests/test_urlize.py | 10 +++++----- tests/template_tests/filter_tests/test_urlizetrunc.py | 10 +++++----- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/django/utils/html.py b/django/utils/html.py index 63a895b432..779155e88c 100644 --- a/django/utils/html.py +++ b/django/utils/html.py @@ -337,7 +337,7 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False): if autoescape and not safe_input: lead, trail = escape(lead), escape(trail) trimmed = escape(trimmed) - middle = '%s' % (url, nofollow_attr, trimmed) + middle = '%s' % (escape(url), nofollow_attr, trimmed) words[i] = mark_safe('%s%s%s' % (lead, middle, trail)) else: if safe_input: diff --git a/tests/template_tests/filter_tests/test_urlize.py b/tests/template_tests/filter_tests/test_urlize.py index ee6744e6cb..38a0a3e3ed 100644 --- a/tests/template_tests/filter_tests/test_urlize.py +++ b/tests/template_tests/filter_tests/test_urlize.py @@ -18,8 +18,8 @@ class UrlizeTests(SimpleTestCase): ) self.assertEqual( output, - 'http://example.com/?x=&y= ' - 'http://example.com?x=&y=<2>' + 'http://example.com/?x=&y= ' + 'http://example.com?x=&y=<2>' ) @setup({'urlize02': '{{ a|urlize }} {{ b|urlize }}'}) @@ -30,8 +30,8 @@ class UrlizeTests(SimpleTestCase): ) self.assertEqual( output, - 'http://example.com/?x=&y= ' - 'http://example.com?x=&y=' + 'http://example.com/?x=&y= ' + 'http://example.com?x=&y=' ) @setup({'urlize03': '{% autoescape off %}{{ a|urlize }}{% endautoescape %}'}) @@ -78,7 +78,7 @@ class UrlizeTests(SimpleTestCase): output = self.engine.render_to_string('urlize09', {'a': "http://example.com/?x=&y=<2>"}) self.assertEqual( output, - 'http://example.com/?x=&y=<2>', + 'http://example.com/?x=&y=<2>', ) diff --git a/tests/template_tests/filter_tests/test_urlizetrunc.py b/tests/template_tests/filter_tests/test_urlizetrunc.py index 2b4b18e1f5..cb5c2a6daf 100644 --- a/tests/template_tests/filter_tests/test_urlizetrunc.py +++ b/tests/template_tests/filter_tests/test_urlizetrunc.py @@ -19,8 +19,8 @@ class UrlizetruncTests(SimpleTestCase): ) self.assertEqual( output, - '"Unsafe" http:... ' - '"Safe" http:...' + '"Unsafe" http:... ' + '"Safe" http:...' ) @setup({'urlizetrunc02': '{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}'}) @@ -34,8 +34,8 @@ class UrlizetruncTests(SimpleTestCase): ) self.assertEqual( output, - '"Unsafe" http:... ' - '"Safe" http:...' + '"Unsafe" http:... ' + '"Safe" http:...' ) @@ -72,7 +72,7 @@ class FunctionTests(SimpleTestCase): def test_query_string(self): self.assertEqual( urlizetrunc('http://www.google.co.uk/search?hl=en&q=some+long+url&btnG=Search&meta=', 20), - 'http://www.google...', )