Opened 13 years ago
Closed 13 years ago
#16395 closed Cleanup/optimization (fixed)
urlize works with malformed URLs
Reported by: | Bernhard Essl | Owned by: | nobody |
---|---|---|---|
Component: | Template system | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | yes |
Easy pickings: | no | UI/UX: | no |
Description
I think the template filter urlize should not return broken URLs as clickable links.
In [1]: from django.template.defaultfilters import urlize In [2]: urlize("http://:/:/.foo.com") Out[2]: u'<a href="http://:/:/.foo.com" rel="nofollow">http://:/:/.foo.com</a>'
I added a patch and a testcase for it.
Attachments (2)
Change History (7)
by , 13 years ago
Attachment: | urlize_malformed_urls.diff added |
---|
comment:1 by , 13 years ago
Patch needs improvement: | set |
---|---|
Triage Stage: | Unreviewed → Design decision needed |
comment:2 by , 13 years ago
Type: | Bug → Cleanup/optimization |
---|
by , 13 years ago
Attachment: | urlize_malformed_urls-2.diff added |
---|
comment:4 by , 13 years ago
Triage Stage: | Design decision needed → Accepted |
---|
comment:5 by , 13 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
In [17358]:
(The changeset message doesn't reference this ticket)
Note:
See TracTickets
for help on using tickets.
Your patch is basically checking that
http://
is followed by a word character; could you explain why this is the right thing to do? IMO, validation must be implemented correctly or not at all.Regarding the patch, I think it would be much clearer to structure the code like this:
It's more readable than adding
not middle.startswith('http')
to every subsequent condition — since you only added it to the first one, I think http:////@foo.com will be misinterpreted as an email. (By the way, Trac happily turns that into an HTTP link).