
Showing content from https://github.com/django/django/commit/94c5da1d17a6b0d378866c66b605102c19f7988c below:

[2.0.x] Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in dja… · django/django@94c5da1 · GitHub

5 files changed: +41 -1 lines changed

@@ -20,7 +20,7 @@ def capfirst(x):

20 20

# Set up regular expressions

21 21

re_words = re.compile(r'<.*?>|((?:\w[-\w]*|&.*?;)+)', re.S)

22 22

re_chars = re.compile(r'<.*?>|(.)', re.S)

23 -

re_tag = re.compile(r'<(/)?([^ ]+?)(?:(\s*/)| .*?)?>', re.S)

23 +

re_tag = re.compile(r'<(/)?(\S+?)(?:(\s*/)|\s.*?)?>', re.S)

24 24

re_newlines = re.compile(r'\r\n|\r') # Used in normalize_newlines

25 25

re_camel_case = re.compile(r'(((?<=[a-z])[A-Z])|([A-Z](?![A-Z]|$)))')

26 26
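Review bot: the quadratic behaviour comes from `([^ ]+?)` in the removed `re_tag` line, which excludes only the space character, so for an input like the one in the added test (`</a` followed by a long run of tabs) the tag-name group was re-tried over every prefix of the tab run while `(\s*/)` scanned and failed on the remainder each time; `(\S+?)` cannot consume any whitespace, so the name is fixed at the first whitespace character and the remainder is scanned once. This is also a behavioural change beyond the DoS case: the old ` .*?` branch required a literal space before attributes, so for `<a\nhref="x">` the old pattern returned the tag name `a\nhref="x"`, whereas the new `\s.*?` branch returns `a`. That is an improvement to `Truncator`'s open-tag tracking, but it deserves its own regression test and a line in the release notes. A short comment above `re_tag` explaining that the name group must not match whitespace would stop the next edit from reintroducing the problem.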

@@ -16,3 +16,15 @@ expressions. The ``urlize()`` function is used to implement the ``urlize`` and

16 16 17 17

The problematic regular expressions are replaced with parsing logic that

18 18

behaves similarly.

19 + 20 +

CVE-2018-7537: Denial-of-service possibility in ``truncatechars_html`` and ``truncatewords_html`` template filters

21 +

==================================================================================================================

22 + 23 +

If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods were

24 +

passed the ``html=True`` argument, they were extremely slow to evaluate certain

25 +

inputs due to a catastrophic backtracking vulnerability in a regular

26 +

expression. The ``chars()`` and ``words()`` methods are used to implement the

27 +

``truncatechars_html`` and ``truncatewords_html`` template filters, which were

28 +

thus vulnerable.

29 + 30 +

The backtracking problem in the regular expression is fixed.
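Review bot: "extremely slow to evaluate certain inputs" gives operators nothing to assess exposure with. Suggest naming the pattern (`re_tag` in `django/utils/text.py`, changed in this same commit) and the input shape that triggers it (a tag name followed by a long run of whitespace characters, as in the added test), and stating that the slow path is only reached when these filters are applied to untrusted HTML. The same paragraph is added to three release-note files in this commit, so any rewording needs to be applied to all of them.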


@@ -16,3 +16,15 @@ expression. The ``urlize()`` function is used to implement the ``urlize`` and

16 16 17 17

The problematic regular expression is replaced with parsing logic that behaves

18 18

similarly.

19 + 20 +

CVE-2018-7537: Denial-of-service possibility in ``truncatechars_html`` and ``truncatewords_html`` template filters

21 +

==================================================================================================================

22 + 23 +

If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods were

24 +

passed the ``html=True`` argument, they were extremely slow to evaluate certain

25 +

inputs due to a catastrophic backtracking vulnerability in a regular

26 +

expression. The ``chars()`` and ``words()`` methods are used to implement the

27 +

``truncatechars_html`` and ``truncatewords_html`` template filters, which were

28 +

thus vulnerable.

29 + 30 +

The backtracking problem in the regular expression is fixed.


@@ -18,6 +18,18 @@ expressions. The ``urlize()`` function is used to implement the ``urlize`` and

18 18

The problematic regular expressions are replaced with parsing logic that

19 19

behaves similarly.

20 20 21 +

CVE-2018-7537: Denial-of-service possibility in ``truncatechars_html`` and ``truncatewords_html`` template filters

22 +

==================================================================================================================

23 + 24 +

If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods were

25 +

passed the ``html=True`` argument, they were extremely slow to evaluate certain

26 +

inputs due to a catastrophic backtracking vulnerability in a regular

27 +

expression. The ``chars()`` and ``words()`` methods are used to implement the

28 +

``truncatechars_html`` and ``truncatewords_html`` template filters, which were

29 +

thus vulnerable.

30 + 31 +

The backtracking problem in the regular expression is fixed.

32 + 21 33

Bugfixes

22 34

========

23 35

@@ -136,6 +136,10 @@ def test_truncate_html_words(self):

136 136

truncator = text.Truncator('<p>I &lt;3 python, what about you?</p>')

137 137

self.assertEqual('<p>I &lt;3 python...</p>', truncator.words(3, '...', html=True))

138 138 139 +

re_tag_catastrophic_test = ('</a' + '\t' * 50000) + '//>'

140 +

truncator = text.Truncator(re_tag_catastrophic_test)

141 +

self.assertEqual(re_tag_catastrophic_test, truncator.words(500, html=True))

142 + 139 143

def test_wrap(self):

140 144

digits = '1234 67 9'

141 145

self.assertEqual(text.wrap(digits, 100), '1234 67 9')
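Review bot: the regression test only exercises `words(500, html=True)`, while the release notes added in this commit attribute the slow path to the same regular expression for `chars()` with `html=True` as well; add the matching assertion, e.g. `self.assertEqual(re_tag_catastrophic_test, truncator.chars(500, html=True))`, so both entry points are covered. A comment on `re_tag_catastrophic_test` saying why `'\t' * 50000` is used (the old `[^ ]+?` tag-name group accepted tabs, so each extra tab cost another rescan of the rest of the input) would also help, since the constant otherwise looks arbitrary. Note that against the old pattern this test does not fail, it hangs, so it depends on the test runner's timeout to report a regression.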
