Ticket #6279: urlize.diff

File urlize.diff, 2.3 KB (added by Rob Hudson <treborhudson@…>, 8 years ago)

Adding a patch and regression test

  • django/utils/html.py

     
    112112            if '@' in middle and not middle.startswith('www.') and \
    113113                    not ':' in middle and simple_email_re.match(middle):
    114114                middle = '<a href="mailto:%s">%s</a>' % (middle, middle)
     115                if lead:
     116                    lead = escape(lead)
     117                if trail:
     118                    trail = escape(trail)
    115119            if lead + middle + trail != word:
    116120                words[i] = lead + middle + trail
    117121            elif autoescape and not safe_input:
  • tests/regressiontests/templates/filters.py

     
    108108        'filter-urlize05': ('{% autoescape off %}{{ a|urlize }}{% endautoescape %}', {"a": "<script>alert('foo')</script>"}, "<script>alert('foo')</script>"),
    109109        'filter-urlize06': ('{{ a|urlize }}', {"a": "<script>alert('foo')</script>"}, '&lt;script&gt;alert(&#39;foo&#39;)&lt;/script&gt;'),
    110110
     111        # Test urlize with mailto: links
     112        'filter-urlize07': ('{{ a|urlize }}', {"a": "Email me at me@example.com"}, 'Email me at <a href="mailto:me@example.com">me@example.com</a>'),
     113        'filter-urlize08': ('{{ a|urlize }}', {"a": "Email me at <me@example.com>"}, 'Email me at &lt;<a href="mailto:me@example.com">me@example.com</a>&gt;'),
     114
    111115        'filter-urlizetrunc01': ('{% autoescape off %}{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}{% endautoescape %}', {"a": '"Unsafe" http://example.com/x=&y=', "b": mark_safe('&quot;Safe&quot; http://example.com?x=&y=')}, u'"Unsafe" <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> &quot;Safe&quot; <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'),
    112116        'filter-urlizetrunc02': ('{{ a|urlizetrunc:"8" }} {{ b|urlizetrunc:"8" }}', {"a": '"Unsafe" http://example.com/x=&y=', "b": mark_safe('&quot;Safe&quot; http://example.com?x=&y=')}, u'&quot;Unsafe&quot; <a href="http://example.com/x=&y=" rel="nofollow">http:...</a> &quot;Safe&quot; <a href="http://example.com?x=&y=" rel="nofollow">http:...</a>'),
    113117
Back to Top