Comment 2 for bug 734232

You are right, limiting to the http:// and https:// is not the solution, but we have at least to limit the letters before the .com .org .net and not allow forbiden characters in the host.

Dajngo urlize filter : http://docs.djangoproject.com/en/dev/ref/templates/builtins/?from=olddocs#urlize

This bug should be reported to django also if someone can do that.