mirror of
https://github.com/django/django.git
synced 2025-06-27 06:19:17 +00:00
[1.4.x] Clarified striptags documentation
The fact that striptags cannot guarantee to really strip all non-safe HTML content was not clear enough. Also see: https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/ Partial backport (doc-only) of 6ca6c36f82 from master.
This commit is contained in:
parent
b8713ee69a
commit
f108b1f7d7
@ -1988,7 +1988,7 @@ If ``value`` is ``"Joel is a slug"``, the output will be ``"Joel is a slug"``.
|
||||
striptags
|
||||
^^^^^^^^^
|
||||
|
||||
Strips all [X]HTML tags.
|
||||
Makes all possible efforts to strip all [X]HTML tags.
|
||||
|
||||
For example::
|
||||
|
||||
@ -1997,6 +1997,16 @@ For example::
|
||||
If ``value`` is ``"<b>Joel</b> <button>is</button> a <span>slug</span>"``, the
|
||||
output will be ``"Joel is a slug"``.
|
||||
|
||||
.. admonition:: No safety guarantee
|
||||
|
||||
Note that ``striptags`` doesn't give any guarantee about its output being
|
||||
entirely HTML safe, particularly with non valid HTML input. So **NEVER**
|
||||
apply the ``safe`` filter to a ``striptags`` output.
|
||||
If you are looking for something more robust, you can use the ``bleach``
|
||||
Python library, notably its `clean`_ method.
|
||||
|
||||
.. _clean: http://bleach.readthedocs.org/en/latest/clean.html
|
||||
|
||||
.. templatefilter:: time
|
||||
|
||||
time
|
||||
|
Loading…
x
Reference in New Issue
Block a user