diff options
| author | Tim Graham <timograham@gmail.com> | 2018-02-24 16:22:43 -0500 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2018-02-27 13:56:26 -0500 |
| commit | a91436360b79a6ff995c3e5018bcc666dfaf1539 (patch) | |
| tree | 2581958aedc8649eb5b1f91fde6cc9c651ed2c23 /tests | |
| parent | abf89d729f210c692a50e0ad3f75fb6bec6fae16 (diff) | |
| download | django-a91436360b79a6ff995c3e5018bcc666dfaf1539.tar.gz | |
[1.11.x] Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
Thanks James Davis for suggesting the fix.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/utils_tests/test_text.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/tests/utils_tests/test_text.py b/tests/utils_tests/test_text.py index d190d85232..50d1805e86 100644 --- a/tests/utils_tests/test_text.py +++ b/tests/utils_tests/test_text.py @@ -139,6 +139,10 @@ class TestUtilsText(SimpleTestCase): truncator = text.Truncator('<p>I <3 python, what about you?</p>') self.assertEqual('<p>I <3 python...</p>', truncator.words(3, '...', html=True)) + re_tag_catastrophic_test = ('</a' + '\t' * 50000) + '//>' + truncator = text.Truncator(re_tag_catastrophic_test) + self.assertEqual(re_tag_catastrophic_test, truncator.words(500, html=True)) + def test_wrap(self): digits = '1234 67 9' self.assertEqual(text.wrap(digits, 100), '1234 67 9') |