| Author | Commit | Message | Date |
| --- | --- | --- | --- |
| nabil-rady | 231c0d8593 | Fixed #35668 -- Added mapping support to format_html_join. | 2024-08-20 08:20:34 +02:00 |
| Mariusz Felisiak | 5f1757142f | Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget. Thanks Seokchan Yoon for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2024-08-06 08:50:08 +02:00 |
| Sarah Boyce | ecf1f8fb90 | Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters. Thanks to MProgrammer for the report. | 2024-08-06 08:50:08 +02:00 |
| Adam Johnson | d666457453 | Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters. Thank you to Elias Myllymäki for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2024-07-09 09:21:19 -03:00 |
| devilsautumn | 094b0bea2c | Fixed #34609 -- Deprecated calling format_html() without arguments. | 2023-06-06 14:14:57 +02:00 |
| Hrushikesh Vaidya | 72e41a0df6 | Fixed #33779 -- Allowed customizing encoder class in django.utils.html.json_script(). | 2022-06-28 10:54:38 +02:00 |
| Adam Johnson | a45f28f0ec | Rewrote strip_tags test file to lorem ipsum. | 2022-03-08 14:50:06 +01:00 |
| Mariusz Felisiak | 7119f40c98 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | 2022-02-07 20:37:05 +01:00 |
| django-bot | 9c19aff7c7 | Refs #33476 -- Reformatted code with Black. | 2022-02-07 20:37:05 +01:00 |
| Baptiste Mispelon | e6e664a711 | Fixed #33302 -- Made element_id optional argument for json_script template filter. Added versionchanged note in documentation | 2021-11-22 11:52:19 +01:00 |
| Shipeng Feng | 68cc04887b | Fixed #32866 -- Fixed trimming trailing punctuation from escaped string in urlize(). | 2021-07-07 11:19:33 +02:00 |
| Florian Apolloner | 4b78420d25 | Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities. Thanks to Guido Vranken for initial report. | 2019-08-01 09:24:54 +02:00 |
| Jon Dufresne | 8d76443aba | Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape(). | 2019-04-25 15:09:07 +02:00 |
| Jon Dufresne | 7e3bf2662b | Removed default mode='r' argument from calls to open(). | 2019-01-27 17:41:43 -05:00 |
| Srinivas Thatiparthy (శ్రీనివాస్ తాటిపర్తి) | a7ef4a56e0 | Fixed #29920 -- Added a test for smart_urlquote()'s UnicodeError branch. | 2018-11-09 12:39:08 -05:00 |
| Jon Dufresne | 82f286cf6f | Refs #29784 -- Switched to https:// links where available. | 2018-09-26 08:48:47 +02:00 |
| Tim Graham | 911af0d24b | Added more tests for django.utils.html.urlize(). | 2018-03-06 08:30:41 -05:00 |
| Tim Graham | 8618271caa | Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters. Thanks Florian Apolloner for assisting with the patch. | 2018-03-06 08:30:40 -05:00 |
| Tim Graham | b832de869e | Added tests for utils.html.urlize() (lazy string inputs were untested). | 2018-02-10 15:45:57 -05:00 |
| Jonas Haag | 8c709d79cb | Fixed #17419 -- Added json_tag template filter. | 2018-02-07 18:38:12 -05:00 |
| Jon Dufresne | ff05de760c | Fixed #29038 -- Removed closing slash from HTML void tags. | 2018-01-21 02:09:10 -05:00 |
| Tim Graham | 6ae1b04fb5 | Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals. | 2017-03-04 09:04:16 -05:00 |
| Claude Paroz | a21ec12409 | Fixed #27803 -- Kept safe status of lazy safe strings in conditional_escape | 2017-02-02 21:01:39 +01:00 |
| Tim Graham | f8d52521ab | Refs #27804 -- Used subTest() in tests.utils_tests.test_html. | 2017-02-02 08:17:00 -05:00 |
| Tim Graham | 2af8cd22a9 | Imported specific functions in tests.utils_tests.test_html. | 2017-02-02 07:23:10 -05:00 |
| Claude Paroz | 2366100872 | Removed unneeded force_text calls in the test suite | 2017-01-24 18:45:54 +01:00 |
| Tim Graham | 4e729feaa6 | Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage. These functions do nothing on Python 3. | 2017-01-20 08:01:02 -05:00 |
| Simon Charette | cecc079168 | Refs #23919 -- Stopped inheriting from object to define new style classes. | 2017-01-19 08:39:46 +01:00 |
| Claude Paroz | c716fe8782 | Refs #23919 -- Removed six.PY2/PY3 usage Thanks Tim Graham for the review. | 2017-01-18 16:21:28 +01:00 |
| Claude Paroz | d7b9aaa366 | Refs #23919 -- Removed encoding preambles and future imports | 2017-01-18 09:55:19 +01:00 |
| za | 321e94fa41 | Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. | 2016-11-10 21:30:21 -05:00 |
| Iacopo Spalletti | d693074d43 | Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy(). Thanks to bmispelon and uruz for the initial patch. | 2015-12-12 14:46:48 -05:00 |
| Tim Graham | 222d063301 | Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline. | 2015-09-23 19:31:09 -04:00 |
| Dražen Odobašić | b1e33ceced | Fixed #23395 -- Limited line lengths to 119 characters. | 2015-09-12 11:40:50 -04:00 |
| Tim Graham | aaacaeb096 | Renamed RemovedInDjangoXYWarnings for new roadmap. Forwardport of ae1d663b79 from stable/1.8.x plus more. | 2015-06-24 16:08:20 -04:00 |
| Moritz Sichert | 1f2abf784a | Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates. | 2015-03-27 19:46:20 -04:00 |
| Tim Graham | 1c83fc88d6 | Fixed an infinite loop possibility in strip_tags(). This is a security fix; disclosure to follow shortly. | 2015-03-18 19:20:07 -04:00 |
| Tim Graham | 0ed7d15563 | Sorted imports with isort; refs #23860. | 2015-02-06 08:16:28 -05:00 |
| Claude Paroz | 51890ce889 | Applied ignore_warnings to Django tests | 2014-12-30 18:16:25 +01:00 |
| Berker Peksag | 560b4207b1 | Removed redundant numbered parameters from str.format(). Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}". | 2014-12-03 14:27:38 -05:00 |
| Claude Paroz | b9d9287f59 | Fixed urlize after smart_urlquote rewrite Refs #22267. | 2014-09-09 21:59:35 +02:00 |
| Claude Paroz | 4b8a1d2c0d | Fixed #22267 -- Fixed unquote/quote in smart_urlquote Thanks Md. Enzam Hossain for the report and initial patch, and Tim Graham for the review. | 2014-09-09 21:58:07 +02:00 |
| Tim Graham | e122facbd8 | Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter. Also the unused, undocumented django.utils.html.strip_entities() function. | 2014-08-15 08:20:02 -04:00 |
| Claude Paroz | 6a0291bdaf | Tweaked strip_tags tests to pass on Python 3.3 | 2014-03-22 14:43:11 +01:00 |
| Claude Paroz | 6ca6c36f82 | Improved strip_tags and clarified documentation The fact that strip_tags cannot guarantee to really strip all non-safe HTML content was not clear enough. Also see: https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/ | 2014-03-22 10:59:18 +01:00 |
| Tim Graham | 8b81dee60c | Removed fix_ampersands template filter per deprecation timeline. Also removed related utility functions: django.utils.html.fix_ampersands, django.utils.html.clean_html | 2014-03-21 08:50:43 -04:00 |
| Claude Paroz | 210d0489c5 | Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings Thanks Anssi Kääriäinen for the idea and Simon Charette for the review. | 2014-03-08 09:57:40 +01:00 |
| Erik Romijn | 775975f15d | Fixed #22130 -- Deprecated fix_ampersands, removed utils.clean_html() | 2014-03-01 14:07:57 +01:00 |
| Alex Gaynor | 9d740eb8b1 | Fix all violators of E231 | 2013-10-26 12:15:03 -07:00 |
| Alasdair Nicol | a800036981 | Fixed #21287 -- Fixed E123 pep8 warnings | 2013-10-18 10:07:39 +01:00 |