Fixed #16395 -- Prevented urlize from highlighting some malformed URLs. Thanks BernhardEssl for the report and initial patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17358 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Aymeric Augustin 2012-01-08 15:43:32 +00:00
parent 40f0ecc56a
commit 27508918fb
2 changed files with 12 additions and 4 deletions

View File

@ -23,6 +23,8 @@ word_split_re = re.compile(r'(\s+)')
punctuation_re = re.compile('^(?P<lead>(?:%s)*)(?P<middle>.*?)(?P<trail>(?:%s)*)$' % \ punctuation_re = re.compile('^(?P<lead>(?:%s)*)(?P<middle>.*?)(?P<trail>(?:%s)*)$' % \
('|'.join([re.escape(x) for x in LEADING_PUNCTUATION]), ('|'.join([re.escape(x) for x in LEADING_PUNCTUATION]),
'|'.join([re.escape(x) for x in TRAILING_PUNCTUATION]))) '|'.join([re.escape(x) for x in TRAILING_PUNCTUATION])))
simple_url_re = re.compile(r'^https?://\w')
simple_url_2_re = re.compile(r'^www\.|^(?!http)\w[^@]+\.(com|net|org)$')
simple_email_re = re.compile(r'^\S+@\S+\.\S+$') simple_email_re = re.compile(r'^\S+@\S+\.\S+$')
link_target_attribute_re = re.compile(r'(<a [^>]*?)target=[^\s>]+') link_target_attribute_re = re.compile(r'(<a [^>]*?)target=[^\s>]+')
html_gunk_re = re.compile(r'(?:<br clear="all">|<i><\/i>|<b><\/b>|<em><\/em>|<strong><\/strong>|<\/?smallcaps>|<\/?uppercase>)', re.IGNORECASE) html_gunk_re = re.compile(r'(?:<br clear="all">|<i><\/i>|<b><\/b>|<em><\/em>|<strong><\/strong>|<\/?smallcaps>|<\/?uppercase>)', re.IGNORECASE)
@ -150,11 +152,9 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
# Make URL we want to point to. # Make URL we want to point to.
url = None url = None
nofollow_attr = ' rel="nofollow"' if nofollow else '' nofollow_attr = ' rel="nofollow"' if nofollow else ''
if middle.startswith('http://') or middle.startswith('https://'): if simple_url_re.match(middle):
url = smart_urlquote(middle) url = smart_urlquote(middle)
elif middle.startswith('www.') or ('@' not in middle and \ elif simple_url_2_re.match(middle):
middle and middle[0] in string.ascii_letters + string.digits and \
(middle.endswith('.org') or middle.endswith('.net') or middle.endswith('.com'))):
url = smart_urlquote('http://%s' % middle) url = smart_urlquote('http://%s' % middle)
elif not ':' in middle and simple_email_re.match(middle): elif not ':' in middle and simple_email_re.match(middle):
local, domain = middle.rsplit('@', 1) local, domain = middle.rsplit('@', 1)

View File

@ -268,6 +268,14 @@ class DefaultFiltersTests(TestCase):
self.assertEqual(urlize('info@c✶.org'), self.assertEqual(urlize('info@c✶.org'),
u'<a href="mailto:info@xn--c-lgq.org">info@c✶.org</a>') u'<a href="mailto:info@xn--c-lgq.org">info@c✶.org</a>')
# Check urlize doesn't highlight malformed URIs - see #16395
self.assertEqual(urlize('http:///www.google.com'),
u'http:///www.google.com')
self.assertEqual(urlize('http://.google.com'),
u'http://.google.com')
self.assertEqual(urlize('http://@foo.com'),
u'http://@foo.com')
def test_wordcount(self): def test_wordcount(self):
self.assertEqual(wordcount(''), 0) self.assertEqual(wordcount(''), 0)
self.assertEqual(wordcount(u'oneword'), 1) self.assertEqual(wordcount(u'oneword'), 1)