mirror of https://github.com/django/django.git synced 2025-10-26 15:16:09 +00:00
Commit Graph

320 Commits

Author SHA1 Message Date
Natalia
8124c42601 [5.0.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text.
Thanks Wenchao Li of Alibaba Group for the report.
2023-10-04 09:38:26 -03:00
Jon Ribbens
adfb3dfa89 Fixed #33405, Refs #7177 -- Clarified docs for filter escapejs regarding safe and unsafe usages. 2023-07-03 12:32:58 +02:00
Akash Kumar Sen
b0a6cc7f57 Fixed #34600 -- Removed references to bleach in docs. 2023-05-31 09:52:38 +01:00
Natalia
881cc139e2 Refs #34574, Refs #34577 -- Mentioned escapeseq filter in escape/autoescape docs. 2023-05-26 06:26:38 +02:00
Natalia
1a59a324ce Fixed #34574 -- Noted unexpected outcomes in autoescape/escape docs. 2023-05-26 06:21:46 +02:00
Arthur Moreira
061a8a1bd8 Fixed #34577 -- Added escapeseq template filter. 2023-05-22 09:58:03 +02:00
Pan Dango
12ec80726f Corrected code-block directive in docs/ref/templates/builtins.txt. 2023-05-07 14:51:27 +02:00
Jannis Vajen
024954aad4 Corrected code-block directives in docs. 2023-05-04 14:10:11 +02:00
django-bot
14459f80ee Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. 2023-03-01 13:03:56 +01:00
Joseph Victor Zammit
ba755ca131 Refs #34140 -- Corrected rst code-block and various formatting issues in docs. 2023-02-28 12:21:37 +01:00
Carlton Gibson
534ac48297 Refs #34140 -- Applied rst code-block to non-Python examples.
Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for
reviews.
2023-02-10 19:19:13 +01:00
Mariusz Felisiak
8d98f99a4a Refs #32873 -- Removed settings.USE_L10N per deprecation timeline. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
490cccbe7e Removed versionadded/changed annotations for 4.1. 2023-01-17 11:49:15 +01:00
Jarosław Wygoda
32940d390a Refs #26029 -- Deprecated DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings. 2023-01-12 09:58:36 +01:00
Nick Pope
4d4bf55e0e Fixed #33864 -- Deprecated length_is template filter. 2022-07-23 12:36:21 +02:00
Carlton Gibson
ca1c3151c3 Removed versionadded/changed annotations for 4.0. 2022-05-17 14:22:06 +02:00
David Smith
67b5f506a6 Changed some words to use inline markup. 2022-03-10 10:18:31 +01:00
Andrey Otto
f70a875cc0 Fixed #33530 -- Fixed typo in docs/ref/templates/builtins.txt. 2022-02-21 06:13:36 +01:00
Markus Holtermann
394517f078 Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
Thanks Keryn Knight for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01 07:40:51 +01:00
Claude Paroz
7c4f396509 Stopped including type="text/css" attributes for CSS link tags. 2022-01-22 16:38:14 +01:00
Florian Apolloner
761f449e0d Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter.
Thanks to Dennis Brinkrolf for the report.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:03:56 +01:00
Baptiste Mispelon
e6e664a711 Fixed #33302 -- Made element_id optional argument for json_script template filter.
Added versionchanged note in documentation
2021-11-22 11:52:19 +01:00
Mariusz Felisiak
97237ad3fe Removed versionadded/changed annotations for 3.2. 2021-09-20 21:23:01 +02:00
Mariusz Felisiak
4a43335d30 Fixed #30086, Refs #32873 -- Made floatformat template filter independent of USE_L10N. 2021-09-08 08:37:27 +02:00
Muhammad Hammad
f1d2d2679b Fixed #33067 -- Improved templatetag docs. 2021-09-03 20:08:01 +02:00
David Smith
8208381ba6 Refs #32956 -- Corrected spelling of daylight saving time.
AP Stylebook: Saving not savings, no hyphen, and lowercase.
2021-08-06 13:00:24 +02:00
Nick Pope
c156e36955 Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS. 2021-05-17 09:46:09 +02:00
Nick Pope
34363a391b Fixed #32735 -- Made DateFormat.Y() return a zero-padded year. 2021-05-12 08:17:06 +02:00
Mariusz Felisiak
e7208f13c0 Refs #25236 -- Removed {% ifequal %} and {% ifnotequal %} template tags per deprecation timeline. 2021-01-14 17:50:04 +01:00
Mariusz Felisiak
b7dd89ed53 Removed versionadded/changed annotations for 3.1. 2021-01-14 17:50:04 +01:00
Roland Geider
3363cf4225 Fixed typo in docs/ref/templates/builtins.txt. 2021-01-04 07:34:53 +01:00
Sam
895f6e4992 Fixed #32149 -- Added support for years < 1000 to DateFormat.y(). 2020-11-12 12:43:06 +01:00
Nikita Sobolev
42f3fafdfa Updated {% static %} tag examples in docs to use single quotes where appropriate. 2020-11-02 10:34:24 +01:00
Jacob Walls
ac6c426007 Fixed #20601 -- Allowed forcing format with thousand separators in floatformat filter.
Thanks Claude Paroz and Nick Pope for reviews.
2020-10-13 10:36:46 +02:00
Adam Johnson
2afa61e7d9 Refs #31493 -- Replaced var with const/let in documentation JS. 2020-06-24 12:20:57 +02:00
Jon Dufresne
72a170b4c3 Fixed #25236 -- Deprecated {% ifequal %} and {% ifnotequal %} template tags.
The {% if %} tag provides all features of these tags.

Since Django 1.2 (May 17, 2010), the docs have hinted that
{% ifequal %} and {% ifnotequal %} will be deprecated in a future
Django version. Time to make it official.
2020-05-11 09:07:33 +02:00
Mariusz Felisiak
fc0b48d2e7 Fixed typo in docs/ref/templates/builtins.txt. 2020-04-15 10:41:19 +02:00
Keshav Kumar
f37d548ede Fixed #20995 -- Added support for iterables of template names to {% include %} template tag.
Thanks Adam Johnson for the review.
2020-02-18 06:56:05 +01:00
Mike Hansen
d291c72bf2 Fixed #30585 -- Added {% translate %} and {% blocktranslate %} template tags. 2019-12-18 13:15:38 +01:00
Uttam Kini
d646e3d14f Fixed #31024 -- Clarified {% firstof %} tag's handling of arguments. 2019-12-04 13:41:29 +01:00
Ryan Cheley
a1f14ee3e5 Fixed #31006 -- Doc'd backslash escaping in date/time template filters. 2019-12-02 13:07:38 +01:00
Baptiste Mispelon
ff1b19da67 Fixed #31029 -- Used more specific links to RFCs. 2019-11-27 20:54:38 +01:00
Baptiste Mispelon
1185c6172b Fixed #30990 -- Fixed example output in 'z' date format docs. 2019-11-18 11:30:20 +01:00
Sky
3cf907c20c Fixed #30761 -- Prevented floatformat filter from returning a negative zero. 2019-10-31 10:48:35 +01:00
Tobias Kunze
4a954cfd11 Fixed #30573 -- Rephrased documentation to avoid words that minimise the involved difficulty.
This patch does not remove all occurrences of the words in question.
Rather, I went through all of the occurrences of the words listed
below, and judged if they a) suggested the reader had some kind of
knowledge/experience, and b) if they added anything of value (including
tone of voice, etc). I left most of the words alone. I looked at the
following words:

- simply/simple
- easy/easier/easiest
- obvious
- just
- merely
- straightforward
- ridiculous

Thanks to Carlton Gibson for guidance on how to approach this issue, and
to Tim Bell for providing the idea. But the enormous lion's share of
thanks go to Adam Johnson for his patient and helpful review.
2019-09-06 13:27:46 +02:00
aitoehigie
c2f381ef17 Fixed #30589 -- Clarified that urlize should be applied only to email addresses without single quotes. 2019-07-01 11:39:31 +02:00
Tobias Kunze
e3968df527 Refs #20122 -- Corrected documentation of pluralize template filter. 2019-05-03 11:35:19 +02:00
Jon Dufresne
8d76443aba Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape(). 2019-04-25 15:09:07 +02:00
Philipp Bosch
0b8abd7cdf Used monospace font in date template filter format character docs.
Helps distinguish between lowercase L and uppercase I.
2019-03-21 10:20:09 -04:00
Tim Graham
ec7e179aeb Removed versionadded/changed annotations for 2.1. 2019-01-17 10:50:25 -05:00