
Showing content from https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b below:

[1.11.x] Fixed CVE-2019-12308 -- Made AdminURLFieldWidget validate UR… · django/django@c238701 · GitHub

@@ -336,6 +336,12 @@ def test_localization(self):

336 336 337 337 338 338

class AdminURLWidgetTest(SimpleTestCase):

339 +

def test_get_context_validates_url(self):

340 +

w = widgets.AdminURLFieldWidget()

341 +

for invalid in ['', '/not/a/full/url/', 'javascript:alert("Danger XSS!")']:

342 +

self.assertFalse(w.get_context('name', invalid, {})['url_valid'])

343 +

self.assertTrue(w.get_context('name', 'http://example.com', {})['url_valid'])

344 + 339 345

def test_render(self):

340 346

w = widgets.AdminURLFieldWidget()

341 347

self.assertHTMLEqual(

@@ -369,31 +375,31 @@ def test_render_quoting(self):

369 375

VALUE_RE = re.compile('value="([^"]+)"')

370 376

TEXT_RE = re.compile('<a[^>]+>([^>]+)</a>')

371 377

w = widgets.AdminURLFieldWidget()

372 -

output = w.render('test', 'http://example.com/<sometag>some text</sometag>')

378 +

output = w.render('test', 'http://example.com/<sometag>some-text</sometag>')

373 379

self.assertEqual(

374 380

HREF_RE.search(output).groups()[0],

375 -

'http://example.com/%3Csometag%3Esome%20text%3C/sometag%3E',

381 +

'http://example.com/%3Csometag%3Esome-text%3C/sometag%3E',

376 382

)

377 383

self.assertEqual(

378 384

TEXT_RE.search(output).groups()[0],

379 -

'http://example.com/&lt;sometag&gt;some text&lt;/sometag&gt;',

385 +

'http://example.com/&lt;sometag&gt;some-text&lt;/sometag&gt;',

380 386

)

381 387

self.assertEqual(

382 388

VALUE_RE.search(output).groups()[0],

383 -

'http://example.com/&lt;sometag&gt;some text&lt;/sometag&gt;',

389 +

'http://example.com/&lt;sometag&gt;some-text&lt;/sometag&gt;',

384 390

)

385 -

output = w.render('test', 'http://example-äüö.com/<sometag>some text</sometag>')

391 +

output = w.render('test', 'http://example-äüö.com/<sometag>some-text</sometag>')

386 392

self.assertEqual(

387 393

HREF_RE.search(output).groups()[0],

388 -

'http://xn--example--7za4pnc.com/%3Csometag%3Esome%20text%3C/sometag%3E',

394 +

'http://xn--example--7za4pnc.com/%3Csometag%3Esome-text%3C/sometag%3E',

389 395

)

390 396

self.assertEqual(

391 397

TEXT_RE.search(output).groups()[0],

392 -

'http://example-äüö.com/&lt;sometag&gt;some text&lt;/sometag&gt;',

398 +

'http://example-äüö.com/&lt;sometag&gt;some-text&lt;/sometag&gt;',

393 399

)

394 400

self.assertEqual(

395 401

VALUE_RE.search(output).groups()[0],

396 -

'http://example-äüö.com/&lt;sometag&gt;some text&lt;/sometag&gt;',

402 +

'http://example-äüö.com/&lt;sometag&gt;some-text&lt;/sometag&gt;',

397 403

)

398 404

output = w.render('test', 'http://www.example.com/%C3%A4"><script>alert("XSS!")</script>"')

399 405

self.assertEqual(
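Review bot: `test_get_context_validates_url` asserts only the `url_valid` flag in the context, so nothing in the visible hunks checks that `render()` actually leaves out the clickable link for a rejected value such as the `javascript:` one; a template regression would still pass. A render-level assertion would close that gap, for example `self.assertNotIn('href', w.render('test', 'javascript:alert("Danger XSS!")'))`, assuming the template (not shown here) drops the anchor for invalid values. The `some text` to `some-text` edits in `test_render_quoting` also remove the only input containing a space, presumably because it no longer validates, and the same render-level test could record what is emitted for it. In the loop, passing the value as the message, `self.assertFalse(w.get_context('name', invalid, {})['url_valid'], invalid)`, would name the failing input. `test_render_quoting` continues past the end of the second hunk.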

