Opened 14 years ago
Closed 14 years ago
#16395 closed Cleanup/optimization (fixed)
urlize works with malformed URLs
| Reported by: | Bernhard Essl | Owned by: | nobody |
|---|---|---|---|
| Component: | Template system | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | yes |
| Easy pickings: | no | UI/UX: | no |
Description
I think the template filter urlize should not return broken URLs as clickable links.
In [1]: from django.template.defaultfilters import urlize
In [2]: urlize("http://:/:/.foo.com")
Out[2]: u'<a href="http://:/:/.foo.com" rel="nofollow">http://:/:/.foo.com</a>'
I added a patch and a testcase for it.
Attachments (2)
Change History (7)
by , 14 years ago
| Attachment: | urlize_malformed_urls.diff added |
|---|
comment:1 by , 14 years ago
| Patch needs improvement: | set |
|---|---|
| Triage Stage: | Unreviewed → Design decision needed |
comment:2 by , 14 years ago
| Type: | Bug → Cleanup/optimization |
|---|
by , 14 years ago
| Attachment: | urlize_malformed_urls-2.diff added |
|---|
comment:4 by , 14 years ago
| Triage Stage: | Design decision needed → Accepted |
|---|
comment:5 by , 14 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
In [17358]:
(The changeset message doesn't reference this ticket)
Note:
See TracTickets
for help on using tickets.
Your patch is basically checking that
http://is followed by a word character; could you explain why this is the right thing to do? IMO, validation must be implemented correctly or not at all.Regarding the patch, I think it would be much clearer to structure the code like this:
if middle.startswith('http://') or middle.startswith('https://'): # do additional checks, and set url only if the checks pass elif ... # unchangedIt's more readable than adding
not middle.startswith('http')to every subsequent condition — since you only added it to the first one, I think http:////@foo.com will be misinterpreted as an email. (By the way, Trac happily turns that into an HTTP link).