[1.7.x] Improved strip_tags and clarified documentation

The fact that strip_tags cannot guarantee to really strip all non-safe HTML content was not clear enough. Also see: https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/ Backport of 6ca6c36f82 from master.
2025-10-25 14:46:09 +00:00 · 2014-03-20 16:50:50 +01:00
parent 0c19383a1f
commit 80f08dbdbc
4 changed files with 51 additions and 10 deletions
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -82,6 +82,8 @@ class TestUtilsHtml(TestCase):
            ('a<p a >b</p>c', 'abc'),
            ('d<a:b c:d>e</p>f', 'def'),
            ('<strong>foo</strong><a href="http://example.com">bar</a>', 'foobar'),
+            ('<sc<!-- -->ript>test<<!-- -->/script>', 'test'),
+            ('<script>alert()</script>&h', 'alert()&h'),
        )
        for value, output in items:
            self.check_output(f, value, output)