Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page.

Co-Authored-By: Tim Graham <timograham@gmail.com>

1 files changed, 6 insertions, 4 deletions

diff --git a/tests/handlers/tests.py b/tests/handlers/tests.py
index 70f0e875a5..fc7074833b 100644
--- a/tests/handlers/tests.py
+++ b/tests/handlers/tests.py
@@ -5,6 +5,7 @@ from django.db import close_old_connections, connection
 from django.test import (
     RequestFactory, SimpleTestCase, TransactionTestCase, override_settings,
 )
+from django.utils.version import PY37
 
 
 class HandlerTests(SimpleTestCase):
@@ -162,16 +163,17 @@ class HandlerRequestTests(SimpleTestCase):
 
     def test_invalid_urls(self):
         response = self.client.get('~%A9helloworld')
-        self.assertContains(response, '~%A9helloworld', status_code=404)
+        self.assertEqual(response.status_code, 404)
+        self.assertEqual(response.context['request_path'], '/~%25A9helloworld' if PY37 else '/%7E%25A9helloworld')
 
         response = self.client.get('d%aao%aaw%aan%aal%aao%aaa%aad%aa/')
-        self.assertContains(response, 'd%AAo%AAw%AAn%AAl%AAo%AAa%AAd%AA', status_code=404)
+        self.assertEqual(response.context['request_path'], '/d%25AAo%25AAw%25AAn%25AAl%25AAo%25AAa%25AAd%25AA')
 
         response = self.client.get('/%E2%99%E2%99%A5/')
-        self.assertContains(response, '%E2%99\u2665', status_code=404)
+        self.assertEqual(response.context['request_path'], '/%25E2%2599%E2%99%A5/')
 
         response = self.client.get('/%E2%98%8E%E2%A9%E2%99%A5/')
-        self.assertContains(response, '\u260e%E2%A9\u2665', status_code=404)
+        self.assertEqual(response.context['request_path'], '/%E2%98%8E%25E2%25A9%E2%99%A5/')
 
     def test_environ_path_info_type(self):
         environ = self.request_factory.get('/%E2%A8%87%87%A5%E2%A8%A0').environ