Code

Ticket #6279: urlize.diff

File urlize.diff, 2.3 KB (added by Rob Hudson <treborhudson@…>, 6 years ago)

Adding a patch and regression test

Line 
1Index: django/utils/html.py
2===================================================================
3--- django/utils/html.py        (revision 6979)
4+++ django/utils/html.py        (working copy)
5@@ -112,6 +112,10 @@
6             if '@' in middle and not middle.startswith('www.') and \
7                     not ':' in middle and simple_email_re.match(middle):
8                 middle = '<a href="mailto:%s">%s</a>' % (middle, middle)
9+                if lead:
10+                    lead = escape(lead)
11+                if trail:
12+                    trail = escape(trail)
13             if lead + middle + trail != word:
14                 words[i] = lead + middle + trail
15             elif autoescape and not safe_input:
16Index: tests/regressiontests/templates/filters.py
17===================================================================
18--- tests/regressiontests/templates/filters.py  (revision 6979)
19+++ tests/regressiontests/templates/filters.py  (working copy)
20@@ -108,6 +108,10 @@
21         'filter-urlize05': ('{% autoescape off %}{{ a|urlize }}{% endautoescape %}', {"a": "<script>alert('foo')</script>"}, "<script>alert('foo')</script>"),
22         'filter-urlize06': ('{{ a|urlize }}', {"a": "<script>alert('foo')</script>"}, '&lt;script&gt;alert(&#39;foo&#39;)&lt;/script&gt;'),
23 
24+        # Test urlize with mailto: links
25+        'filter-urlize07': ('{{ a|urlize }}', {"a": "Email me at me@example.com"}, 'Email me at <a href="mailto:me@example.com">me@example.com</a>'),
26+        'filter-urlize08': ('{{ a|urlize }}', {"a": "Email me at <me@example.com>"}, 'Email me at &lt;<a href="mailto:me@example.com">me@example.com</a>&gt;'),
27+
28         'filter-urlizetrunc01': ('{% autoescape off %}{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}{% endautoescape %}', {"a": '"Unsafe" http://example.com/x=&y=', "b": mark_safe('&quot;Safe&quot; http://example.com?x=&y=')}, u'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> &quot;Safe&quot; <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'),
29         'filter-urlizetrunc02': ('{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}', {"a": '"Unsafe" http://example.com/x=&y=', "b": mark_safe('&quot;Safe&quot; http://example.com?x=&y=')}, u'&quot;Unsafe&quot; <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> &quot;Safe&quot; <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'),
30