Re: [Django] #36000: Update default from http to https in urlize when protocol not provided

[Django]

#36000: Update default from http to https in urlize when protocol not provided
--------------------------------------+------------------------------------
Reporter: saravana-hackz | Owner: (none)
Type: Cleanup/optimization | Status: new
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by Sarah Boyce):

* component: HTTP handling => Template system

--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

[Django]

#36000: Update default from http to https in urlize when protocol not provided

-------------------------------------+-------------------------------------
Reporter: saravana-hackz | Owner: saravana-
Type: | hackz
Cleanup/optimization | Status: assigned

Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0

-------------------------------------+-------------------------------------
Changes (by saravana-hackz):

* owner: (none) => saravana-hackz
* status: new => assigned

--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:3>

[Django]

#36000: Update default from http to https in urlize when protocol not provided

--------------------------------------+------------------------------------
Reporter: Saravana | Owner: Saravana
Type: Cleanup/optimization | Status: assigned

Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0

--------------------------------------+------------------------------------
Comment (by Adam Johnson):

I think we can use a plan similar to how #34380 shook out, with a plan
like:

1. Introduce a transitional setting (`URLIZE_ASSUME_HTTPS`) that defaults
to `False`. This goes on the deprecation plan for removal in N+2 versions.
2. When the
[https://github.com/django/django/blob/40d5516385448a73426aad396778f369a363eda9/django/utils/html.py#L353
responsible code path is hit] (which should be fairly rare as it only
applies to
[https://github.com/django/django/blob/40d5516385448a73426aad396778f369a363eda9/django/utils/html.py#L299-L301
limited domains]), check the setting. If it’s `False`, warn and use
'http', otherwise use 'https'.
--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:4>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
--------------------------------------+------------------------------------
Reporter: Saravana | Owner: Saravana
Type: Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------

Comment (by Saravana):

Yeah sure,
i will work on that
--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:5>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
--------------------------------------+------------------------------------
Reporter: Saravana | Owner: Saravana
Type: Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------

Comment (by IronJam):

I will be happy to work on this one if its available
--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:6>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
--------------------------------------+------------------------------------
Reporter: Saravana | Owner: Saravana
Type: Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------

Comment (by Ahmed Nassar):

I’d love to contribute to this issue.
--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:7>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
--------------------------------------+------------------------------------
Reporter: Saravana | Owner: Saravana
Type: Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------

Comment (by Saravana):

Replying to [comment:7 Ahmed Nassar]:

> I’d love to contribute to this issue.

Yeah
--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:8>

[Django]

#36000: Update default from http to https in urlize when protocol not provided

-------------------------------------+-------------------------------------
Reporter: Saravana | Owner: Ahmed
Type: | Nassar

Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0

-------------------------------------+-------------------------------------
Changes (by Saravana):

* owner: Saravana => Ahmed Nassar

--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:9>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
-------------------------------------+-------------------------------------
Reporter: Saravana | Owner: Ahmed
Type: | Nassar
Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Ahmed Nassar):

I've submitted a pull request for this ticket:
https://github.com/django/django/pull/19240

The PR adds URLIZE_ASSUME_HTTPS setting to control the default protocol in
urlize(), improving security by defaulting to HTTPS.
--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:10>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
-------------------------------------+-------------------------------------
Reporter: Saravana | Owner: Ahmed
Type: | Nassar
Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Ahmed Nassar):

* has_patch: 0 => 1

--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:11>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
-------------------------------------+-------------------------------------
Reporter: Saravana | Owner: Ahmed
Type: | Nassar
Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 1

Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Sarah Boyce):

* needs_better_patch: 0 => 1

--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:12>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
-------------------------------------+-------------------------------------
Reporter: Saravana | Owner: Ahmed
Type: | Nassar
Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Ahmed Nassar):

I have completed all requested changes in the PR
https://github.com/django/django/pull/19240, including:

Addressing all review comments.
Pushing a commit with the latest updates.
Ensuring all tests pass successfully.
Updating the documentation to reflect the introduced `URLIZE_ASSUME_HTTPS`
setting.
--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:13>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
-------------------------------------+-------------------------------------
Reporter: Saravana | Owner: Ahmed
Type: | Nassar
Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Sarah Boyce):

> Additionally, I have added and updated some tests and documentation to
ensure proper coverage and clarity. Given that the Trac ticket currently
has "Needs tests: No" and "Needs documentation: No", should these be
updated to "Needs tests: Yes" and "Needs documentation: Yes" to reflect
these additions?

Yes when you want another review, you should do this as it will put the
ticket in the review queue. I have given a review, so once you've resolved
those comments you can update this ticket
--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:14>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
-------------------------------------+-------------------------------------
Reporter: Saravana | Owner: Ahmed
Type: | Nassar
Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Ahmed Nassar):

Thank you for the review. I have addressed and resolved all comments.
Please let me know if anything else is required.
--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:15>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
-------------------------------------+-------------------------------------
Reporter: Saravana | Owner: Ahmed
Type: | Nassar
Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 1 | Needs documentation: 1
Needs tests: 1 | Patch needs improvement: 1

Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Ahmed Nassar):

* needs_docs: 0 => 1
* needs_tests: 0 => 1

--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:16>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
-------------------------------------+-------------------------------------
Reporter: Saravana | Owner: Ahmed
Type: | Nassar
Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1

Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Ahmed Nassar):

* needs_docs: 1 => 0
* needs_tests: 1 => 0

--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:17>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
-------------------------------------+-------------------------------------
Reporter: Saravana | Owner: Ahmed
Type: | Nassar
Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Ahmed Nassar):

* needs_better_patch: 1 => 0

--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:18>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
-------------------------------------+-------------------------------------
Reporter: Saravana | Owner: Ahmed
Type: | Nassar
Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 1

Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Sarah Boyce):

* needs_better_patch: 0 => 1

--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:19>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
-------------------------------------+-------------------------------------
Reporter: Saravana | Owner: Ahmed
Type: | Nassar
Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Ahmed Nassar):

* needs_better_patch: 1 => 0

--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:20>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
-------------------------------------+-------------------------------------
Reporter: Saravana | Owner: Ahmed
Type: | Nassar
Cleanup/optimization | Status: assigned
Component: Template system | Version: 5.1
Severity: Normal | Resolution:

Keywords: | Triage Stage: Ready for
| checkin

Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Sarah Boyce):

* stage: Accepted => Ready for checkin

--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:21>

[Django]

#36000: Update default from http to https in urlize when protocol not provided
-------------------------------------+-------------------------------------
Reporter: Saravana | Owner: Ahmed
Type: | Nassar

Cleanup/optimization | Status: closed

Component: Template system | Version: 5.1

Severity: Normal | Resolution: fixed

Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Sarah Boyce <42296566+sarahboyce@…>):

* resolution: => fixed
* status: assigned => closed

Comment:

In [changeset:"ec7044c706f48f5ab3d9e4c35e4078b9f9dcaaf2" ec7044c7]:
{{{#!CommitTicketReference repository=""
revision="ec7044c706f48f5ab3d9e4c35e4078b9f9dcaaf2"
Fixed #36000 -- Deprecated HTTP as the default protocol in urlize and
urlizetrunc.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/36000#comment:22>