Added lookaheads to regex pattern in Template tokenizing to avoid backtracing as described in ticket #65675.

2025-08-04 10:59:45 +00:00 · 2025-04-08 08:52:08 -07:00 · 2025-04-08 08:52:08 -07:00 · 5d88603feb
commit 5d88603feb
parent 71a19a0e47
1 changed files with 1 additions and 1 deletions
--- a/django/template/base.py
+++ b/django/template/base.py
@ -86,7 +86,7 @@ UNKNOWN_SOURCE = "<unknown source>"
 # Match BLOCK_TAG_*, VARIABLE_TAG_*, and COMMENT_TAG_* tags and capture the
 # entire tag, including start/end delimiters. Using re.compile() is faster
 # than instantiating SimpleLazyObject with _lazy_re_compile().
-tag_re = re.compile(r"({%.*?%}|{{.*?}}|{#.*?#})")
+tag_re = re.compile(r"({%(?=.*%}).*?%}|{{(?=.*}}).*?}}|{#(?=.*#}).*?#})")

 logger = logging.getLogger("django.template")