Fixed urlize regression with entities in query strings

Refs #22267.
Thanks Shai Berger for spotting the issue and Tim Graham for the
initial patch.

django/utils/html.py

@@ -282,17 +282,17 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
         smart_urlquote. For example:
         http://example.com?x=1&amp;y=&lt;2&gt; => http://example.com?x=1&y=<2>
         """
-        if not safe_input:
-            return text, text, trail
         unescaped = (text + trail).replace(
             '&amp;', '&').replace('&lt;', '<').replace(
             '&gt;', '>').replace('&quot;', '"').replace('&#39;', "'")
-        # ';' in trail can be either trailing punctuation or end-of-entity marker
+        if trail and unescaped.endswith(trail):
-        if unescaped.endswith(';'):
+            # Remove trail for unescaped if it was not consumed by unescape
-            return text, unescaped[:-1], trail
+            unescaped = unescaped[:-len(trail)]
-        else:
+        elif trail == ';':
+            # Trail was consumed by unescape (as end-of-entity marker), move it to text
             text += trail
-            return text, unescaped, ''
+            trail = ''
+        return text, unescaped, trail
 
     words = word_split_re.split(force_text(text))
     for i, word in enumerate(words):

tests/template_tests/filter_tests/test_urlize.py

@@ -73,6 +73,14 @@ class UrlizeTests(SimpleTestCase):
             'Email me at &lt;<a href="mailto:me@example.com">me@example.com</a>&gt;',
         )
 
+    @setup({'urlize09': '{% autoescape off %}{{ a|urlize }}{% endautoescape %}'})
+    def test_urlize09(self):
+        output = self.engine.render_to_string('urlize09', {'a': "http://example.com/?x=&amp;y=&lt;2&gt;"})
+        self.assertEqual(
+            output,
+            '<a href="http://example.com/?x=&y=%3C2%3E" rel="nofollow">http://example.com/?x=&amp;y=&lt;2&gt;</a>',
+        )
+
 
 class FunctionTests(SimpleTestCase):