[1.6.x] Improved strip_tags and clarified documentation

The fact that strip_tags cannot guarantee to really strip all non-safe HTML content was not clear enough. Also see: https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/ Backport of 6ca6c36f8 from master.
2025-10-31 01:25:32 +00:00 · 2014-03-20 16:50:50 +01:00
parent c8c2d60614
commit d1503afd66
4 changed files with 53 additions and 11 deletions
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -80,6 +80,8 @@ class TestUtilsHtml(TestCase):
            ('a<p a >b</p>c', 'abc'),
            ('d<a:b c:d>e</p>f', 'def'),
            ('<strong>foo</strong><a href="http://example.com">bar</a>', 'foobar'),
+            ('<sc<!-- -->ript>test<<!-- -->/script>', 'test'),
+            ('<script>alert()</script>&h', 'alert()&h'),
        )
        for value, output in items:
            self.check_output(f, value, output)