From 3ed9c7bdfe9f40d31dadb6734a5692c8b9d6d6dc Mon Sep 17 00:00:00 2001
From: Tim Graham <timograham@gmail.com>
Date: Wed, 4 Mar 2015 09:36:34 -0500
Subject: [PATCH] Fixed #24471 -- Enhanced urlize regex to exclude quotes and
 angle brackets.

---
 django/utils/html.py                          |  2 +-
 .../filter_tests/test_urlize.py               | 20 +++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/django/utils/html.py b/django/utils/html.py
index 779155e88c2..9f9fbdb2a5a 100644
--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -26,7 +26,7 @@ WRAPPING_PUNCTUATION = [('(', ')'), ('<', '>'), ('[', ']'), ('&lt;', '&gt;'), ('
 DOTS = ['&middot;', '*', '\u2022', '&#149;', '&bull;', '&#8226;']
 
 unencoded_ampersands_re = re.compile(r'&(?!(\w+|#\d+);)')
-word_split_re = re.compile(r'(\s+)')
+word_split_re = re.compile(r'''([\s<>"']+)''')
 simple_url_re = re.compile(r'^https?://\[?\w', re.IGNORECASE)
 simple_url_2_re = re.compile(r'^www\.|^(?!http)\w[^@]+\.(com|edu|gov|int|mil|net|org)($|/.*)$', re.IGNORECASE)
 simple_email_re = re.compile(r'^\S+@\S+\.\S+$')
diff --git a/tests/template_tests/filter_tests/test_urlize.py b/tests/template_tests/filter_tests/test_urlize.py
index 38a0a3e3ed1..c2efdd3e17d 100644
--- a/tests/template_tests/filter_tests/test_urlize.py
+++ b/tests/template_tests/filter_tests/test_urlize.py
@@ -106,6 +106,26 @@ class FunctionTests(SimpleTestCase):
             '<a href="http://djangoproject.org/" rel="nofollow">djangoproject.org/</a>',
         )
 
+    def test_url_split_chars(self):
+        # Quotes (single and double) and angle brackets shouldn't be considered
+        # part of URLs.
+        self.assertEqual(
+            urlize('www.server.com"abc'),
+            '<a href="http://www.server.com" rel="nofollow">www.server.com</a>&quot;abc',
+        )
+        self.assertEqual(
+            urlize('www.server.com\'abc'),
+            '<a href="http://www.server.com" rel="nofollow">www.server.com</a>&#39;abc',
+        )
+        self.assertEqual(
+            urlize('www.server.com<abc'),
+            '<a href="http://www.server.com" rel="nofollow">www.server.com</a>&lt;abc',
+        )
+        self.assertEqual(
+            urlize('www.server.com>abc'),
+            '<a href="http://www.server.com" rel="nofollow">www.server.com</a>&gt;abc',
+        )
+
     def test_email(self):
         self.assertEqual(
             urlize('info@djangoproject.org'),