mirror of https://github.com/django/django.git synced 2025-10-24 22:26:08 +00:00
Commit Graph

21 Commits

Author SHA1 Message Date
Moritz Sichert
44a05a8a91 [1.8.x] Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.
Backport of 1f2abf784a from master
2015-03-27 20:01:41 -04:00
Tim Graham
5447709a57 [1.8.x] Fixed an infinite loop possibility in strip_tags().
This is a security fix; disclosure to follow shortly.
2015-03-18 19:23:21 -04:00
Tim Graham
a8b70d251d [1.8.x] Sorted imports with isort; refs #23860.
Backport of 0ed7d15563 from master
2015-02-09 14:24:06 -05:00
Claude Paroz
51890ce889 Applied ignore_warnings to Django tests 2014-12-30 18:16:25 +01:00
Berker Peksag
560b4207b1 Removed redundant numbered parameters from str.format().
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Claude Paroz
b9d9287f59 Fixed urlize after smart_urlquote rewrite
Refs #22267.
2014-09-09 21:59:35 +02:00
Claude Paroz
4b8a1d2c0d Fixed #22267 -- Fixed unquote/quote in smart_urlquote
Thanks Md. Enzam Hossain for the report and initial patch, and
Tim Graham for the review.
2014-09-09 21:58:07 +02:00
Tim Graham
e122facbd8 Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter.
Also the unused, undocumented django.utils.html.strip_entities() function.
2014-08-15 08:20:02 -04:00
Claude Paroz
6a0291bdaf Tweaked strip_tags tests to pass on Python 3.3 2014-03-22 14:43:11 +01:00
Claude Paroz
6ca6c36f82 Improved strip_tags and clarified documentation
The fact that strip_tags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:
https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/
2014-03-22 10:59:18 +01:00
Tim Graham
8b81dee60c Removed fix_ampersands template filter per deprecation timeline.
Also removed related utility functions:
* django.utils.html.fix_ampersands
* django.utils.html.clean_html
2014-03-21 08:50:43 -04:00
Claude Paroz
210d0489c5 Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings
Thanks Anssi Kääriäinen for the idea and Simon Charette for the
review.
2014-03-08 09:57:40 +01:00
Erik Romijn
775975f15d Fixed #22130 -- Deprecated fix_ampersands, removed utils.clean_html() 2014-03-01 14:07:57 +01:00
Alex Gaynor
9d740eb8b1 Fix all violators of E231 2013-10-26 12:15:03 -07:00
Alasdair Nicol
a800036981 Fixed #21287 -- Fixed E123 pep8 warnings 2013-10-18 10:07:39 +01:00
Unai Zalakain
af64429b99 Fixed #7261 -- support for __html__ for library interoperability
The idea is that if an object implements __html__ which returns a string this is
used as HTML representation (eg: on escaping). If the object is a str or unicode
subclass and returns itself the object is a safe string type.

This is an updated patch based on jbalogh and ivank patches.
2013-10-15 00:42:42 +02:00
Florian Apolloner
b70c371fc1 Simplified smart_urlquote and added some basic tests. 2013-07-28 10:05:39 +02:00
Aymeric Augustin
cfcf4b3605 Stopped using django.utils.unittest in the test suite.
Refs #20680.
2013-07-01 14:29:33 +02:00
Claude Paroz
b664cb818d Fixed #19237 (again) - Made strip_tags consistent between Python versions 2013-05-23 14:01:27 +02:00
Claude Paroz
dc51ec8bc2 Fixed #19237 -- Used HTML parser to strip tags
The regex method used until now for the strip_tags utility is fast,
but subject to flaws and security issues. Consensus and good
practice lead us to use a slower but safer method.
2013-05-22 17:34:02 +02:00
Preston Timmons
612ef3e5c9 Modified utils_tests for unittest2 discovery. 2013-04-12 15:31:58 -06:00