From: Armin Ronacher <armin.ronacher@active-4.com>
Date: Sun, 16 Nov 2008 23:35:30 +0000 (+0100)
Subject: Fixed an escaping bug in urlize
X-Git-Tag: 2.1~6
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=d9342dcb855ee78a1971f8e22660726e711f50b7;p=jinja2.git

Fixed an escaping bug in urlize

--HG--
branch : trunk
---

diff --git a/CHANGES b/CHANGES
index c2d64e9..b08be69 100644
--- a/CHANGES
+++ b/CHANGES
@@ -44,6 +44,8 @@ Version 2.1
 - added a `compile_expression` method to the environment that allows compiling
   of Jinja expressions into callable Python objects.
 
+- fixed an escaping bug in urlize
+
 Version 2.0
 -----------
 (codename jinjavitus, released on July 17th 2008)
diff --git a/jinja2/filters.py b/jinja2/filters.py
index bd9a500..afa7667 100644
--- a/jinja2/filters.py
+++ b/jinja2/filters.py
@@ -322,7 +322,7 @@ def do_urlize(environment, value, trim_url_limit=None, nofollow=False):
         {{ mytext|urlize(40, true) }}
             links are shortened to 40 chars and defined with rel="nofollow"
     """
-    rv = urlize(soft_unicode(value), trim_url_limit, nofollow)
+    rv = urlize(value, trim_url_limit, nofollow)
     if environment.autoescape:
         rv = Markup(rv)
     return rv
diff --git a/jinja2/utils.py b/jinja2/utils.py
index 480c086..45be2c2 100644
--- a/jinja2/utils.py
+++ b/jinja2/utils.py
@@ -218,7 +218,7 @@ def urlize(text, trim_url_limit=None, nofollow=False):
     trim_url = lambda x, limit=trim_url_limit: limit is not None \
                          and (x[:limit] + (len(x) >=limit and '...'
                          or '')) or x
-    words = _word_split_re.split(text)
+    words = _word_split_re.split(unicode(escape(text)))
     nofollow_attr = nofollow and ' rel="nofollow"' or ''
     for i, word in enumerate(words):
         match = _punctuation_re.match(word)
diff --git a/tests/test_old_bugs.py b/tests/test_old_bugs.py
index 62a9cd6..8ce0a65 100644
--- a/tests/test_old_bugs.py
+++ b/tests/test_old_bugs.py
@@ -28,3 +28,8 @@ def test_extends_output_bugs():
                         '{% for item in [1, 2, 3] %}({{ item }}){% endfor %}')
     assert t.render(expr=False) == '[[title]](1)(2)(3)'
     assert t.render(expr=True) == '((title))'
+
+
+def test_urlize_filter_escaping(env):
+    tmpl = env.from_string('{{ "http://www.example.org/<foo"|urlize }}')
+    assert tmpl.render() == '<a href="http://www.example.org/&lt;foo">http://www.example.org/&lt;foo</a>'