[1.8.x] Fixed an infinite loop possibility in strip_tags().

This is a security fix; disclosure to follow shortly.
2025-10-31 09:41:08 +00:00 · 2015-03-04 08:11:25 -05:00
parent 5a8ef2a3cf
commit 5447709a57
4 changed files with 41 additions and 2 deletions
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -82,6 +82,9 @@ class TestUtilsHtml(TestCase):
            ('a<p a >b</p>c', 'abc'),
            ('d<a:b c:d>e</p>f', 'def'),
            ('<strong>foo</strong><a href="http://example.com">bar</a>', 'foobar'),
+            # caused infinite loop on Pythons not patched with
+            # http://bugs.python.org/issue20288
+            ('&gotcha&#;<>', '&gotcha&#;<>'),
        )
        for value, output in items:
            self.check_output(f, value, output)