mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #36000 -- Deprecated HTTP as the default protocol in urlize and urlizetrunc.

Browse Source
This commit is contained in:
Ahmed Nassar
2025-03-08 16:35:10 +02:00
committed by Sarah Boyce
parent ed1e7c02c9
commit ec7044c706
9 changed files with 141 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docs/ref/settings.txt
View File

@@ -2955,6 +2955,21 @@ enabled if a proxy which sets this header is in use.
:setting:`USE_X_FORWARDED_HOST` takes priority over this setting.
.. setting:: URLIZE_ASSUME_HTTPS
``URLIZE_ASSUME_HTTPS``
-----------------------
.. versionadded:: 6.0
.. deprecated:: 6.0
Default: ``False``
Set this transitional setting to ``True`` to opt into using HTTPS as the
default protocol when none is provided in URLs processed by the
:tfilter:`urlize` and :tfilter:`urlizetrunc` template filters during the Django
6.x release cycle.
.. setting:: WSGI_APPLICATION
``WSGI_APPLICATION``
@@ -3766,6 +3781,7 @@ Security
* :setting:`SECRET_KEY`
* :setting:`SECRET_KEY_FALLBACKS`
* :setting:`URLIZE_ASSUME_HTTPS`
* :setting:`X_FRAME_OPTIONS`
Serialization

40
docs/ref/templates/builtins.txt
View File

@@ -2905,9 +2905,23 @@ For example:
{{ value|urlize }}
If ``value`` is ``"Check out www.djangoproject.com"``, the output will be
``"Check out <a href="http://www.djangoproject.com"
rel="nofollow">www.djangoproject.com</a>"``.
If ``value`` is ``"Check out www.djangoproject.com"``, the output will be:
.. code-block:: html+django
Check out <a href="http://www.djangoproject.com" rel="nofollow">www.djangoproject.com</a>
.. deprecated:: 6.0
The default protocol when none is provided will change from HTTP to HTTPS
in Django 7.0. Hence, the output will become:
.. code-block:: html+django
Check out <a href="https://www.djangoproject.com" rel="nofollow">www.djangoproject.com</a>
Set the transitional setting :setting:`URLIZE_ASSUME_HTTPS` to ``True`` to
opt into using HTTPS during the Django 6.x release cycle.
In addition to web links, ``urlize`` also converts email addresses into
``mailto:`` links. If ``value`` is
@@ -2942,9 +2956,23 @@ For example:
{{ value|urlizetrunc:15 }}
If ``value`` is ``"Check out www.djangoproject.com"``, the output would be
``'Check out <a href="http://www.djangoproject.com"
rel="nofollow">www.djangoproj…</a>'``.
If ``value`` is ``"Check out www.djangoproject.com"``, the output would be:
.. code-block:: html+django
Check out <a href="http://www.djangoproject.com" rel="nofollow">www.djangoproj…</a>
.. deprecated:: 6.0
The default protocol when none is provided will change from HTTP to HTTPS
in Django 7.0. Hence, the output will become:
.. code-block:: html+django
Check out <a href="https://www.djangoproject.com" rel="nofollow">www.djangoproj…</a>
Set the transitional setting :setting:`URLIZE_ASSUME_HTTPS` to ``True`` to
opt into using HTTPS during the Django 6.x release cycle.
As with urlize_, this filter should only be applied to plain text.