[1.8.x] Fixed escaping regression in urlize filter. (aba74d6f) · Commits · Dom Sekotill / django

django/utils/html.py

+1 −1

Original line number	Diff line number	Diff line
		@@ -345,7 +345,7 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
		if autoescape and not safe_input:
		lead, trail = escape(lead), escape(trail)
		trimmed = escape(trimmed)
		middle = '<a href="%s"%s>%s</a>' % (url, nofollow_attr, trimmed)
		middle = '<a href="%s"%s>%s</a>' % (escape(url), nofollow_attr, trimmed)
		words[i] = mark_safe('%s%s%s' % (lead, middle, trail))
		else:
		if safe_input:

+5 −5

Original line number	Diff line number	Diff line
		@@ -18,8 +18,8 @@ class UrlizeTests(SimpleTestCase):
		)
		self.assertEqual(
		output,
		'<a href="http://example.com/?x=&y=" rel="nofollow">http://example.com/?x=&y=</a> '
		'<a href="http://example.com?x=&y=%3C2%3E" rel="nofollow">http://example.com?x=&y=<2></a>'
		'<a href="http://example.com/?x=&y=" rel="nofollow">http://example.com/?x=&y=</a> '
		'<a href="http://example.com?x=&y=%3C2%3E" rel="nofollow">http://example.com?x=&y=<2></a>'
		)

		@setup({'urlize02': '{{ a\|urlize }} {{ b\|urlize }}'})
		@@ -30,8 +30,8 @@ class UrlizeTests(SimpleTestCase):
		)
		self.assertEqual(
		output,
		'<a href="http://example.com/?x=&y=" rel="nofollow">http://example.com/?x=&y=</a> '
		'<a href="http://example.com?x=&y=" rel="nofollow">http://example.com?x=&y=</a>'
		'<a href="http://example.com/?x=&y=" rel="nofollow">http://example.com/?x=&y=</a> '
		'<a href="http://example.com?x=&y=" rel="nofollow">http://example.com?x=&y=</a>'
		)

		@setup({'urlize03': '{% autoescape off %}{{ a\|urlize }}{% endautoescape %}'})
		@@ -78,7 +78,7 @@ class UrlizeTests(SimpleTestCase):
		output = self.engine.render_to_string('urlize09', {'a': "http://example.com/?x=&y=<2>"})
		self.assertEqual(
		output,
		'<a href="http://example.com/?x=&y=%3C2%3E" rel="nofollow">http://example.com/?x=&y=<2></a>',
		'<a href="http://example.com/?x=&y=%3C2%3E" rel="nofollow">http://example.com/?x=&y=<2></a>',
		)

+5 −5

Original line number	Diff line number	Diff line
		@@ -19,8 +19,8 @@ class UrlizetruncTests(SimpleTestCase):
		)
		self.assertEqual(
		output,
		'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> '
		'"Safe" <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'
		'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> '
		'"Safe" <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'
		)

		@setup({'urlizetrunc02': '{{ a\|urlizetrunc:"8" }} {{ b\|urlizetrunc:"8" }}'})
		@@ -34,8 +34,8 @@ class UrlizetruncTests(SimpleTestCase):
		)
		self.assertEqual(
		output,
		'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> '
		'"Safe" <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'
		'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> '
		'"Safe" <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'
		)


		@@ -72,7 +72,7 @@ class FunctionTests(SimpleTestCase):
		def test_query_string(self):
		self.assertEqual(
		urlizetrunc('http://www.google.co.uk/search?hl=en&q=some+long+url&btnG=Search&meta=', 20),
		'<a href="http://www.google.co.uk/search?hl=en&q=some+long+url&btnG=Search&'
		'<a href="http://www.google.co.uk/search?hl=en&q=some+long+url&btnG=Search&'
		'meta=" rel="nofollow">http://www.google...</a>',
		)