Fixed urlize regression with entities in query strings (ec808e80) · Commits · Dom Sekotill / django

django/utils/html.py

+7 −7

Original line number	Diff line number	Diff line
		@@ -282,17 +282,17 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
		smart_urlquote. For example:
		http://example.com?x=1&y=<2> => http://example.com?x=1&y=<2>
		"""
		if not safe_input:
		return text, text, trail
		unescaped = (text + trail).replace(
		'&', '&').replace('<', '<').replace(
		'>', '>').replace('"', '"').replace(''', "'")
		# ';' in trail can be either trailing punctuation or end-of-entity marker
		if unescaped.endswith(';'):
		return text, unescaped[:-1], trail
		else:
		if trail and unescaped.endswith(trail):
		# Remove trail for unescaped if it was not consumed by unescape
		unescaped = unescaped[:-len(trail)]
		elif trail == ';':
		# Trail was consumed by unescape (as end-of-entity marker), move it to text
		text += trail
		return text, unescaped, ''
		trail = ''
		return text, unescaped, trail

		words = word_split_re.split(force_text(text))
		for i, word in enumerate(words):

+8 −0

Original line number	Diff line number	Diff line
		@@ -73,6 +73,14 @@ class UrlizeTests(SimpleTestCase):
		'Email me at <<a href="mailto:me@example.com">me@example.com</a>>',
		)

		@setup({'urlize09': '{% autoescape off %}{{ a\|urlize }}{% endautoescape %}'})
		def test_urlize09(self):
		output = self.engine.render_to_string('urlize09', {'a': "http://example.com/?x=&y=<2>"})
		self.assertEqual(
		output,
		'<a href="http://example.com/?x=&y=%3C2%3E" rel="nofollow">http://example.com/?x=&y=<2></a>',
		)


		class FunctionTests(SimpleTestCase):