Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.

Thanks James Davis for suggesting the fix.
Tim Graham 2018-02-24 16:22:43 -05:00
parent 8618271caa
commit 97b7dd59bb
5 changed files with 41 additions and 1 deletions


@ -136,6 +136,10 @@ class TestUtilsText(SimpleTestCase):
truncator = text.Truncator('<p>I &lt;3 python, what about you?</p>')
self.assertEqual('<p>I &lt;3 python...</p>', truncator.words(3, '...', html=True))
re_tag_catastrophic_test = ('</a' + '\t' * 50000) + '//>'
truncator = text.Truncator(re_tag_catastrophic_test)
self.assertEqual(re_tag_catastrophic_test, truncator.words(500, html=True))
def test_wrap(self):
digits = '1234 67 9'
self.assertEqual(text.wrap(digits, 100), '1234 67 9')
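Review bot: The new case built from `re_tag_catastrophic_test` is appended to an existing test method (its `def` line is outside the hunk) with no comment, so nothing in the test file ties the 50000-tab input to CVE-2018-7537 or explains why its size matters. A comment above the assignment such as `# Regression test for CVE-2018-7537: this input must not trigger catastrophic backtracking in the tag regex.` would keep a later cleanup from shrinking or dropping it. The assertion checks only the returned text, so a reintroduced backtracking bug would presumably show up as a hung test run rather than a failure; moving the three lines into their own method, e.g. `def test_truncate_html_words_redos(self):`, would at least make a hang attributable to this case. Only `words(500, html=True)` is exercised here; if other `Truncator` entry points reach the same patterns (not visible in this hunk), they are not covered.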