Mike Edmunds
322e49ba30
Fixed #36012 -- Made mailto punctuation percent-encoded in Urlizer.
Urlizer was not properly encoding email addresses containing punctuation
in generated mailto links. Per RFC 6068, fixed by percent encoding
(urllib.parse.quote) the local and domain address parts.
2024-12-17 10:18:48 +01:00
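The RFC 6068 point made in this commit message, as an added example that is not Django's Urlizer code: `mailto_href` percent-encodes the local part and the domain separately with `urllib.parse.quote`, `naive_mailto` shows the unencoded concatenation, and `parse_mailto` is a minimal consumer constructed for the example that splits a mailto URI the way RFC 6068 prescribes (recipients before the first `?`, `&`-separated header fields after it). The sample address is constructed; internationalised domain names are not handled here.

```python
"""RFC 6068 mailto: links: why the local part and domain must be
percent-encoded. Added example, not Django's Urlizer code."""
from urllib.parse import quote, unquote


def naive_mailto(email: str) -> str:
    """Unencoded concatenation: '?', '=', '&' and '#' inside the address
    are read by the mail client as the start of header fields."""
    return f"mailto:{email}"


def mailto_href(email: str) -> str:
    """Percent-encode local part and domain with an empty safe set, so
    every RFC 6068 delimiter ('?', '&', '=', '#', '%', ...) is escaped.
    The '@' separator itself stays literal."""
    local, domain = email.rsplit("@", 1)
    return f"mailto:{quote(local, safe='')}@{quote(domain, safe='')}"


def parse_mailto(href: str) -> tuple[list[str], dict[str, str]]:
    """Minimal RFC 6068 consumer (constructed for the example): everything
    before the first '?' is the comma-separated recipient list, everything
    after it is '&'-separated name=value header fields; both are
    percent-decoded only after splitting, as a mail client does."""
    if not href.startswith("mailto:"):
        raise ValueError("not a mailto URI")
    to, _, hfields = href[len("mailto:"):].partition("?")
    recipients = [unquote(addr) for addr in to.split(",") if addr]
    headers: dict[str, str] = {}
    for field in filter(None, hfields.split("&")):
        name, _, value = field.partition("=")
        headers[unquote(name).lower()] = unquote(value)
    return recipients, headers


# Constructed sample: a plausible address whose local part contains
# punctuation that doubles as mailto syntax.
SAMPLE = "user?subject=hi@example.com"

if __name__ == "__main__":
    print(naive_mailto(SAMPLE), parse_mailto(naive_mailto(SAMPLE)))
    print(mailto_href(SAMPLE), parse_mailto(mailto_href(SAMPLE)))
```

Run stand-alone, the unencoded link delivers to `user` with an injected `subject` header, while the encoded link round-trips to the full address with no header fields.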
Sarah Boyce
49ff1042aa
Fixed CVE-2024-53907 -- Mitigated potential DoS in strip_tags().
Thanks to jiangniao for the report, and Shai Berger and Natalia Bidart
for the reviews.
2024-12-04 13:43:13 +01:00
Sarah Boyce
320dd27412
Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2024-09-03 09:22:32 -03:00
Adam Johnson
2b71b2c8dc
Refs #34609 -- Fixed deprecation warning stack level in format_html().
Co-authored-by: Simon Charette <charette.s@gmail.com>
2024-08-27 15:14:50 -03:00
nabil-rady
231c0d8593
Fixed #35668 -- Added mapping support to format_html_join.
2024-08-20 08:20:34 +02:00
Mariusz Felisiak
5f1757142f
Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget.
Thanks Seokchan Yoon for the report.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-06 08:50:08 +02:00
Sarah Boyce
ecf1f8fb90
Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks to MProgrammer for the report.
2024-08-06 08:50:08 +02:00
Adam Johnson
d666457453
Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thank you to Elias Myllymäki for the report.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-09 09:21:19 -03:00
devilsautumn
094b0bea2c
Fixed #34609 -- Deprecated calling format_html() without arguments.
2023-06-06 14:14:57 +02:00
Hrushikesh Vaidya
72e41a0df6
Fixed #33779 -- Allowed customizing encoder class in django.utils.html.json_script().
2022-06-28 10:54:38 +02:00
Adam Johnson
a45f28f0ec
Rewrote strip_tags test file to lorem ipsum.
2022-03-08 14:50:06 +01:00
Mariusz Felisiak
7119f40c98
Refs #33476 -- Refactored code to strictly match 88 characters line length.
2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7
Refs #33476 -- Reformatted code with Black.
2022-02-07 20:37:05 +01:00
Baptiste Mispelon
e6e664a711
Fixed #33302 -- Made element_id optional argument for json_script template filter.
Added versionchanged note in documentation
2021-11-22 11:52:19 +01:00
Shipeng Feng
68cc04887b
Fixed #32866 -- Fixed trimming trailing punctuation from escaped string in urlize().
2021-07-07 11:19:33 +02:00
Florian Apolloner
4b78420d25
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
Jon Dufresne
8d76443aba
Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape().
2019-04-25 15:09:07 +02:00
Jon Dufresne
7e3bf2662b
Removed default mode='r' argument from calls to open().
2019-01-27 17:41:43 -05:00
Srinivas Thatiparthy (శ్రీనివాస్ తాటిపర్తి)
a7ef4a56e0
Fixed #29920 -- Added a test for smart_urlquote()'s UnicodeError branch.
2018-11-09 12:39:08 -05:00
Jon Dufresne
82f286cf6f
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
Tim Graham
911af0d24b
Added more tests for django.utils.html.urlize().
2018-03-06 08:30:41 -05:00
Tim Graham
8618271caa
Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
Thanks Florian Apolloner for assisting with the patch.
2018-03-06 08:30:40 -05:00
Tim Graham
b832de869e
Added tests for utils.html.urlize() (lazy string inputs were untested).
2018-02-10 15:45:57 -05:00
Jonas Haag
8c709d79cb
Fixed #17419 -- Added json_tag template filter.
2018-02-07 18:38:12 -05:00
Jon Dufresne
ff05de760c
Fixed #29038 -- Removed closing slash from HTML void tags.
2018-01-21 02:09:10 -05:00
Tim Graham
6ae1b04fb5
Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals.
2017-03-04 09:04:16 -05:00
Claude Paroz
a21ec12409
Fixed #27803 -- Kept safe status of lazy safe strings in conditional_escape
2017-02-02 21:01:39 +01:00
Tim Graham
f8d52521ab
Refs #27804 -- Used subTest() in tests.utils_tests.test_html.
2017-02-02 08:17:00 -05:00
Tim Graham
2af8cd22a9
Imported specific functions in tests.utils_tests.test_html.
2017-02-02 07:23:10 -05:00
Claude Paroz
2366100872
Removed unneeded force_text calls in the test suite
2017-01-24 18:45:54 +01:00
Tim Graham
4e729feaa6
Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.
These functions do nothing on Python 3.
2017-01-20 08:01:02 -05:00
Simon Charette
cecc079168
Refs #23919 -- Stopped inheriting from object to define new style classes.
2017-01-19 08:39:46 +01:00
Claude Paroz
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
za
321e94fa41
Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.
2016-11-10 21:30:21 -05:00
Iacopo Spalletti
d693074d43
Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().
Thanks to bmispelon and uruz for the initial patch.
2015-12-12 14:46:48 -05:00
Tim Graham
222d063301
Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline.
2015-09-23 19:31:09 -04:00
Dražen Odobašić
b1e33ceced
Fixed #23395 -- Limited line lengths to 119 characters.
2015-09-12 11:40:50 -04:00
Tim Graham
aaacaeb096
Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b7913f6da233c55409c4973248372d302
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Moritz Sichert
1f2abf784a
Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.
2015-03-27 19:46:20 -04:00
Tim Graham
1c83fc88d6
Fixed an infinite loop possibility in strip_tags().
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860.
2015-02-06 08:16:28 -05:00
Claude Paroz
51890ce889
Applied ignore_warnings to Django tests
2014-12-30 18:16:25 +01:00
Berker Peksag
560b4207b1
Removed redundant numbered parameters from str.format().
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Claude Paroz
b9d9287f59
Fixed urlize after smart_urlquote rewrite
Refs #22267.
2014-09-09 21:59:35 +02:00
Claude Paroz
4b8a1d2c0d
Fixed #22267 -- Fixed unquote/quote in smart_urlquote
Thanks Md. Enzam Hossain for the report and initial patch, and
Tim Graham for the review.
2014-09-09 21:58:07 +02:00
Tim Graham
e122facbd8
Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter.
Also the unused, undocumented django.utils.html.strip_entities() function.
2014-08-15 08:20:02 -04:00
Claude Paroz
6a0291bdaf
Tweaked strip_tags tests to pass on Python 3.3
2014-03-22 14:43:11 +01:00
Claude Paroz
6ca6c36f82
Improved strip_tags and clarified documentation
The fact that strip_tags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:
https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/
2014-03-22 10:59:18 +01:00
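The caveat in this commit message, as an added example that is not Django's strip_tags implementation: a single-pass regex stripper constructed for the example (`naive_strip_tags`) turns a constructed payload into a live `<script>` element, a bounded loop-to-fixpoint variant (`strip_tags_fixpoint`) removes it, and `render_text` applies the rule the advisory points at: whatever a stripper returns, escape it before embedding it in HTML.

```python
"""Tag stripping vs. escaping. Added example; the regex, the fixpoint
loop and the payload are constructed here and are not Django's code."""
import html
import re

# A typical naive stripper: '<', anything that is not an angle bracket,
# '>'. Constructed for the example.
_TAG_RE = re.compile(r"<[^<>]*>")

# Constructed payload: removing the inner <b> and </b> once re-assembles
# an outer <script> element from the surrounding characters.
PAYLOAD = "<<b>script>alert(1)<</b>/script>"


def naive_strip_tags(value: str) -> str:
    """Single pass: what is left can itself be markup."""
    return _TAG_RE.sub("", value)


def strip_tags_fixpoint(value: str, max_rounds: int = 20) -> str:
    """Repeat until the string stops changing. Each round rescans the
    whole input, so a stripper that loops until stable needs a bound;
    hitting the bound just returns what is left, and the caller must
    escape that anyway."""
    for _ in range(max_rounds):
        stripped = _TAG_RE.sub("", value)
        if stripped == value:
            break
        value = stripped
    return value


def contains_markup(value: str) -> bool:
    """True if the stripper's own notion of a tag still matches."""
    return _TAG_RE.search(value) is not None


def render_text(value: str) -> str:
    """Strip for presentation, then escape for safety: the escaping is
    what makes the result safe to embed in HTML, not the stripping."""
    return html.escape(strip_tags_fixpoint(value), quote=True)


if __name__ == "__main__":
    print(naive_strip_tags(PAYLOAD))      # still a <script> element
    print(strip_tags_fixpoint(PAYLOAD))   # alert(1)
    print(render_text("<i>a</i> < b"))    # a &lt; b
```

The take-away for reviewers of templates: `strip_tags` output is plain text for display, so it still goes through autoescaping (or `html.escape`); marking it safe is what turns a stripping weakness into XSS.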
Tim Graham
8b81dee60c
Removed fix_ampersands template filter per deprecation timeline.
Also removed related utility functions:
* django.utils.html.fix_ampersands
* django.utils.html.clean_html
2014-03-21 08:50:43 -04:00