Shipeng Feng
68cc04887b
Fixed #32866 -- Fixed trimming trailing punctuation from escaped string in urlize().
2021-07-07 11:19:33 +02:00
						 
				 
			
				
					
						
							
							
Florian Apolloner
4b78420d25
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
2019-08-01 09:24:54 +02:00
						 
				 
			
				
					
						
							
							
Jon Dufresne
8d76443aba
Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape().
2019-04-25 15:09:07 +02:00
						 
				 
			
				
					
						
							
							
Jon Dufresne
7e3bf2662b
Removed default mode='r' argument from calls to open().
2019-01-27 17:41:43 -05:00
						 
				 
			
				
					
						
							
							
Srinivas Thatiparthy (శ్రీనివాస్ తాటిపర్తి)
a7ef4a56e0
Fixed #29920 -- Added a test for smart_urlquote()'s UnicodeError branch.
2018-11-09 12:39:08 -05:00
						 
				 
			
				
					
						
							
							
Jon Dufresne
82f286cf6f
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
						 
				 
			
				
					
						
							
							
Tim Graham
911af0d24b
Added more tests for django.utils.html.urlize().
2018-03-06 08:30:41 -05:00
						 
				 
			
				
					
						
							
							
Tim Graham
8618271caa
Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
Thanks Florian Apolloner for assisting with the patch.
2018-03-06 08:30:40 -05:00
						 
				 
			
				
					
						
							
							
Tim Graham
b832de869e
Added tests for utils.html.urlize() (lazy string inputs were untested).
2018-02-10 15:45:57 -05:00
						 
				 
			
				
					
						
							
							
Jonas Haag
8c709d79cb
Fixed #17419 -- Added json_tag template filter.
2018-02-07 18:38:12 -05:00
						 
				 
			
				
					
						
							
							
Jon Dufresne
ff05de760c
Fixed #29038 -- Removed closing slash from HTML void tags.
2018-01-21 02:09:10 -05:00
						 
				 
			
				
					
						
							
							
Tim Graham
6ae1b04fb5
Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals.
2017-03-04 09:04:16 -05:00
						 
				 
			
				
					
						
							
							
Claude Paroz
a21ec12409
Fixed #27803 -- Kept safe status of lazy safe strings in conditional_escape
2017-02-02 21:01:39 +01:00
						 
				 
			
				
					
						
							
							
Tim Graham
f8d52521ab
Refs #27804 -- Used subTest() in tests.utils_tests.test_html.
2017-02-02 08:17:00 -05:00
						 
				 
			
				
					
						
							
							
Tim Graham
2af8cd22a9
Imported specific functions in tests.utils_tests.test_html.
2017-02-02 07:23:10 -05:00
						 
				 
			
				
					
						
							
							
Claude Paroz
2366100872
Removed unneeded force_text calls in the test suite
2017-01-24 18:45:54 +01:00
						 
				 
			
				
					
						
							
							
Tim Graham
4e729feaa6
Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.
These functions do nothing on Python 3.
2017-01-20 08:01:02 -05:00
						 
				 
			
				
					
						
							
							
Simon Charette
cecc079168
Refs #23919 -- Stopped inheriting from object to define new style classes.
2017-01-19 08:39:46 +01:00
						 
				 
			
				
					
						
							
							
Claude Paroz
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
						 
				 
			
				
					
						
							
							
Claude Paroz
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
						 
				 
			
				
					
						
							
							
za
321e94fa41
Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.
2016-11-10 21:30:21 -05:00
						 
				 
			
				
					
						
							
							
Iacopo Spalletti
d693074d43
Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().
Thanks to bmispelon and uruz for the initial patch.
2015-12-12 14:46:48 -05:00
						 
				 
			
				
					
						
							
							
Tim Graham
222d063301
Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline.
2015-09-23 19:31:09 -04:00
						 
				 
			
				
					
						
							
							
Dražen Odobašić
b1e33ceced
Fixed #23395 -- Limited line lengths to 119 characters.
2015-09-12 11:40:50 -04:00
						 
				 
			
				
					
						
							
							
Tim Graham
aaacaeb096
Renamed RemovedInDjangoXYWarnings for new roadmap.
Forwardport of ae1d663b79
2015-06-24 16:08:20 -04:00
						 
				 
			
				
					
						
							
							
Moritz Sichert
1f2abf784a
Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.
2015-03-27 19:46:20 -04:00
						 
				 
			
				
					
						
							
							
Tim Graham
1c83fc88d6
Fixed an infinite loop possibility in strip_tags().
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
						 
				 
			
				
					
						
							
							
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860.
2015-02-06 08:16:28 -05:00
						 
				 
			
				
					
						
							
							
Claude Paroz
51890ce889
Applied ignore_warnings to Django tests
2014-12-30 18:16:25 +01:00
						 
				 
			
				
					
						
							
							
Berker Peksag
560b4207b1
Removed redundant numbered parameters from str.format().
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
						 
				 
			
				
					
						
							
							
Claude Paroz
b9d9287f59
Fixed urlize after smart_urlquote rewrite
Refs #22267.
2014-09-09 21:59:35 +02:00
						 
				 
			
				
					
						
							
							
Claude Paroz
4b8a1d2c0d
Fixed #22267 -- Fixed unquote/quote in smart_urlquote
Thanks Md. Enzam Hossain for the report and initial patch, and
Tim Graham for the review.
2014-09-09 21:58:07 +02:00
						 
				 
			
				
					
						
							
							
Tim Graham
e122facbd8
Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter.
Also the unused, undocumented django.utils.html.strip_entities() function.
2014-08-15 08:20:02 -04:00
						 
				 
			
				
					
						
							
							
Claude Paroz
6a0291bdaf
Tweaked strip_tags tests to pass on Python 3.3
2014-03-22 14:43:11 +01:00
						 
				 
			
				
					
						
							
							
Claude Paroz
6ca6c36f82
Improved strip_tags and clarified documentation
The fact that strip_tags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:
https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/
2014-03-22 10:59:18 +01:00
						 
				 
			
				
					
						
							
							
Tim Graham
8b81dee60c
Removed fix_ampersands template filter per deprecation timeline.
Also removed related utility functions:
* django.utils.html.fix_ampersands
* django.utils.html.clean_html
2014-03-21 08:50:43 -04:00
						 
				 
			
				
					
						
							
							
Claude Paroz
210d0489c5
Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings
Thanks Anssi Kääriäinen for the idea and Simon Charette for the
review.
2014-03-08 09:57:40 +01:00
						 
				 
			
				
					
						
							
							
Erik Romijn
775975f15d
Fixed #22130 -- Deprecated fix_ampersands, removed utils.clean_html()
2014-03-01 14:07:57 +01:00
						 
				 
			
				
					
						
							
							
Alex Gaynor
9d740eb8b1
Fix all violators of E231
2013-10-26 12:15:03 -07:00
						 
				 
			
				
					
						
							
							
Alasdair Nicol
a800036981
Fixed #21287 -- Fixed E123 pep8 warnings
2013-10-18 10:07:39 +01:00
						 
				 
			
				
					
						
							
							
Unai Zalakain
af64429b99
Fixed #7261 -- support for __html__ for library interoperability
The idea is that if an object implements __html__ which returns a string this is
used as HTML representation (eg: on escaping). If the object is a str or unicode
subclass and returns itself the object is a safe string type.
This is an updated patch based on jbalogh and ivank patches.
2013-10-15 00:42:42 +02:00
						 
				 
			
				
					
						
							
							
Florian Apolloner
b70c371fc1
Simplified smart_urlquote and added some basic tests.
2013-07-28 10:05:39 +02:00
						 
				 
			
				
					
						
							
							
Aymeric Augustin
cfcf4b3605
Stopped using django.utils.unittest in the test suite.
Refs #20680.
2013-07-01 14:29:33 +02:00
						 
				 
			
				
					
						
							
							
Claude Paroz
b664cb818d
Fixed #19237 (again) - Made strip_tags consistent between Python versions
2013-05-23 14:01:27 +02:00
						 
				 
			
				
					
						
							
							
Claude Paroz
dc51ec8bc2
Fixed #19237 -- Used HTML parser to strip tags
The regex method used until now for the strip_tags utility is fast,
but subject to flaws and security issues. Consensus and good
practice lead us to use a slower but safer method.
2013-05-22 17:34:02 +02:00
						 
				 
			
				
					
						
							
							
Preston Timmons
612ef3e5c9
Modified utils_tests for unittest2 discovery.
2013-04-12 15:31:58 -06:00