Fixed #16395 -- Prevented urlize from highlighting some malformed URL…

…s. Thanks BernhardEssl for the report and initial patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17358 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 27508918fbbbfda6f5e3b697bbea6bf2c4a6b8b8 1 parent 40f0ecc
Aymeric Augustin authored January 08, 2012
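--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -23,6 +23,8 @@
 punctuation_re = re.compile('^(?P<lead>(?:%s)*)(?P<middle>.*?)(?P<trail>(?:%s)*)$' % \
     ('|'.join([re.escape(x) for x in LEADING_PUNCTUATION]),
     '|'.join([re.escape(x) for x in TRAILING_PUNCTUATION])))
+simple_url_re = re.compile(r'^https?://\w')
+simple_url_2_re = re.compile(r'^www\.|^(?!http)\w[^@]+\.(com|net|org)$')
 simple_email_re = re.compile(r'^\S+@\S+\.\S+$')
 link_target_attribute_re = re.compile(r'(<a [^>]*?)target=[^\s>]+')
 html_gunk_re = re.compile(r'(?:<br clear="all">|<i><\/i>|<b><\/b>|<em><\/em>|<strong><\/strong>|<\/?smallcaps>|<\/?uppercase>)', re.IGNORECASE)
@@ -150,11 +152,9 @@ def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
             # Make URL we want to point to.
             url = None
             nofollow_attr = ' rel="nofollow"' if nofollow else ''
-            if middle.startswith('http://') or middle.startswith('https://'):
+            if simple_url_re.match(middle):
                 url = smart_urlquote(middle)
-            elif middle.startswith('www.') or ('@' not in middle and \
-                    middle and middle[0] in string.ascii_letters + string.digits and \
-                    (middle.endswith('.org') or middle.endswith('.net') or middle.endswith('.com'))):
+            elif simple_url_2_re.match(middle):
                 url = smart_urlquote('http://%s' % middle)
             elif not ':' in middle and simple_email_re.match(middle):
                 local, domain = middle.rsplit('@', 1)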
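Review bot: `simple_url_2_re` is not equivalent to the condition it replaces in `urlize`: the `(?!http)` lookahead rejects every schemeless host that merely begins with the letters "http", `\w[^@]+` needs at least two characters before the final `.com`/`.net`/`.org`, and `\w` accepts a leading `_` that the old `string.ascii_letters + string.digits` test refused. If the lookahead is only meant to keep scheme-prefixed input out of this branch (inferred from the new tests, so worth confirming), a narrower form such as `(?!https?:)` would leave those hosts linkable. `simple_url_re` checks only the first character after `://`, so everything after it still relies on `smart_urlquote`; a one-line comment above each pattern, e.g. `# Only rejects an empty or punctuation-led authority; not a full URL validator.`, would stop readers treating them as validators. The body of `urlize` starts and ends outside the hunk.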
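--- a/tests/regressiontests/defaultfilters/tests.py
+++ b/tests/regressiontests/defaultfilters/tests.py
@@ -268,6 +268,14 @@ def test_urlize(self):
         self.assertEqual(urlize('info@c✶.org'),
             u'<a href="mailto:info@xn--c-lgq.org">info@c✶.org</a>')
 
+        # Check urlize doesn't highlight malformed URIs - see #16395
+        self.assertEqual(urlize('http:///www.google.com'),
+           u'http:///www.google.com')
+        self.assertEqual(urlize('http://.google.com'),
+            u'http://.google.com')
+        self.assertEqual(urlize('http://@foo.com'),
+            u'http://@foo.com')
+
     def test_wordcount(self):
         self.assertEqual(wordcount(''), 0)
         self.assertEqual(wordcount(u'oneword'), 1)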
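Review bot: The three added assertions in `test_urlize` all begin with `http://`, so they exercise only the scheme branch; nothing visible here pins the rewritten schemeless-host branch in `django/utils/html.py`. A case for a schemeless host that begins with the letters "http" (constructed example: `urlize('httpd.example.org')`) and one for a short host such as `urlize('a.com')` would record whether leaving them unlinked is intended. `test_urlize` starts outside the hunk, so earlier lines may already cover part of this.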
