mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Commit Graph

480 Commits

Author SHA1 Message Date
Mike Edmunds
29ba75e6e5 Fixed #36013 -- Removed use of IDNA-2003 in django.utils.html.
Removed obsolete and potentially problematic IDNA 2003 ("punycode")
encoding of international domain names in smart_urlquote() and Urlizer,
which are used (only) by AdminURLFieldWidget and the urlize/urlizetrunc
template filters. Changed to use percent-encoded UTF-8, which defers
IDNA details to the browser (like other URLs rendered by Django).
2025-01-23 10:38:15 +01:00
Sarah Boyce
b721f12760 Fixed #35998 -- Added caching to django.utils.html.urlize(). 2025-01-14 17:59:32 +01:00
Gabriel Nick Pivovarov
55855bc6d0 Fixed #35493 -- Allowed template self-inclusion with relative paths.
Co-authored-by: Brock <bsmick97@gmail.com>
2024-12-06 10:44:10 +01:00
Natalia
15ca75449b Refs #10941 -- Added tests in querystring template tag.
These extra tests assert over the handling of empty params (None, empty
dict, empty QueryDict), and also for dicts having non-string keys.
2024-11-29 08:27:11 +01:00
Natalia
f2b44ef408 Refs #10941 -- Added helper and refactored tests for querystring template tag.
Thank you Sarah Boyce for the review and suggestions.
2024-11-29 08:27:11 +01:00
Klaas van Schelven
1722f2db58 Fixed #35897 -- Removed unnecessary escaping in template's get_exception_info(). 2024-11-28 15:53:31 +01:00
Jake Howard
4c452cc377 Fixed #35535 -- Added template tag decorator simple_block_tag().
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-11-19 14:35:02 -03:00
Mariusz Felisiak
8d7b1423f8 Refs #35844 -- Fixed copying BaseContext and its subclasses on Python 3.14+.
super objects are copyable on Python 3.14+:

5ca4e34bc1

and can no longer be used in BaseContext.__copy__().
2024-11-18 16:05:37 +01:00
ekinertac
68cee15a8f Fixed #35789 -- Improved the error message raised when the tag must be first in the template. 2024-10-10 12:21:02 +02:00
Fabian Braun
d2c97981fb Fixed #35735 -- Enabled template access to methods and properties of classes with __class_get_item__. 2024-09-17 09:52:44 +02:00
Lily Foote
d50f61be7f Improved TokenType.COMMENT test by using correct block syntax in template tests. 2024-09-16 10:30:30 -03:00
Sarah Boyce
320dd27412 Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2024-09-03 09:22:32 -03:00
Mariusz Felisiak
7fb15ad5bc Fixed #35661 -- Fixed test_too_many_digits_to_rander() test crash on PyPy.
Thanks Michał Górny for the report.
2024-08-08 09:53:04 +02:00
Sarah Boyce
c19465ad87 Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat.
Thanks Elias Myllymäki for the report.

Co-authored-by: Shai Berger <shai@platonix.com>
2024-08-06 08:50:08 +02:00
nessita
1b277b45cc Added dedicated test for invalid inputs in floatformat template filter tests.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-25 16:15:53 -03:00
nessita
5dc17177c3 Refs #10941 -- Renamed test file test_query_string.py to test_querystring.py.
This follows previous renames made in 27043bde5b.
2024-07-16 22:14:52 -03:00
Sarah Boyce
27043bde5b Refs #10941 -- Renamed query_string template tag to querystring. 2024-07-15 13:28:55 -03:00
Sarah Boyce
c6d1f98d26 Improved test coverage of urlize. 2024-07-10 09:32:02 +02:00
George Y. Kussumoto
2a32b23382 Fixed #35417 -- Updated BaseContext.new() with values to create a context that can be flattened. 2024-06-13 14:22:40 +02:00
Tim Richardson
e64d42e753 Fixed #35395 -- slice filter crashes on an empty dict with Python 3.12.
Keep consistent behaviour of slice() filter between Python 3.12 and prior
versions in the case of a dict passed to the filter (catch the new to Python
3.12 KeyError exception).
2024-04-24 10:53:38 +02:00
David Smith
6ee37ada32 Fixed #30686 -- Used Python HTMLParser in utils.text.Truncator. 2024-02-07 09:46:25 +01:00
David Smith
70f39e46f8 Refs #30686 -- Fixed text truncation for negative or zero lengths. 2024-02-07 05:18:35 +01:00
David Smith
48a4693951 Refs #30686 -- Improved test coverage of Truncator. 2024-02-06 16:35:08 +01:00
Alexander Lazarević
22785f0d6b Refs #35141 -- Corrected value of CACHE_MIDDLEWARE_SECONDS in CacheMiddlewareTest tests. 2024-01-29 19:18:43 +01:00
Mariusz Felisiak
305757aec1 Applied Black's 2024 stable style.
https://github.com/psf/black/releases/tag/24.1.0
2024-01-26 12:45:07 +01:00
Mariusz Felisiak
d88ec42bd0 Used addCleanup() in tests where appropriate. 2023-12-31 10:01:31 +01:00
Tom Carrick
e67d3580ed Fixed #10941 -- Added {% query_string %} template tag. 2023-10-26 09:57:21 +02:00
Carlton Gibson
35bbb2c9c0 Fixed #34883 -- Allowed template tags to set extra data on templates.
By setting a value in the `parser.extra_data` mapping, template tags
pass additional data out of the parsing context.

Any extra data set is exposed on the template via the matching
`.extra_data` attribute.

Library authors should use a key to namespace extra data. The 'django'
namespace is reserved for internal use.
2023-10-02 16:16:43 +02:00
Mariusz Felisiak
6ad0dbc8d9 Refs #15667 -- Added resetting default renderer when FORM_RENDERER is changed. 2023-09-29 08:54:13 +02:00
Dan Jacob
fe835c2355 Fixed #34878 -- Fixed autoreloader crash when FORM_RENDERER is set to TemplatesSetting.
Regression in 439242c594.
2023-09-29 06:01:04 +02:00
Mariusz Felisiak
14ef92fa9e Refs #33864 -- Removed length_is template filter per deprecation timeline. 2023-09-18 22:12:40 +02:00
konsti
48a1929ca0 Removed unnecessary trailing commas in tests. 2023-08-22 12:42:57 +02:00
priyank.panchal
439242c594 Fixed #34692 -- Made autoreloader reset cached template loader for default renderer. 2023-08-09 09:09:52 +02:00
Mariusz Felisiak
4afaeb14c2 Refs #30116 -- Simplified tests related with dictionary order.
Dicts preserve order since Python 3.6.
2023-07-12 11:06:59 +02:00
Arthur Moreira
061a8a1bd8 Fixed #34577 -- Added escapeseq template filter. 2023-05-22 09:58:03 +02:00
rajeeshp
a2da81fe08 Fixed #34578 -- Made "join" template filter respect autoescape for joiner. 2023-05-19 13:16:42 +02:00
David Sanders
7d0e566208 Fixed #34518 -- Fixed crash of random() template filter with an empty list. 2023-04-26 14:17:57 +02:00
David Sanders
5dba5fda55 Fixed #34427 -- Improved error message when context processor does not return a dict. 2023-03-29 08:54:04 +02:00
Liyang Zhang
f9f9215d3e Fixed some typos in comments, docstrings, and tests. 2023-03-20 08:07:23 +01:00
Panagiotis H.M. Issaris
dcd9746983 Fixed #34363 -- Fixed floatformat crash on zero with trailing zeros.
Regression in 08c5a78726.
Follow up to 4b066bde69.
2023-02-22 20:46:16 +01:00
David Smith
097e3a70c1 Refs #33476 -- Applied Black's 2023 stable style.
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.

https://github.com/psf/black/releases/tag/23.1.0
2023-02-01 11:04:38 +01:00
David Wobrock
4b066bde69 Fixed #34272 -- Fixed floatformat crash on zero with trailing zeros to zero decimal places.
Regression in 08c5a78726.

Thanks Andrii Lahuta for the report.
2023-01-19 10:15:40 +01:00
GianpaoloBranca
8d67e16493 Fixed #33879 -- Improved timesince handling of long intervals. 2023-01-04 11:14:06 +01:00
LightDiscord
e20c9eb60a Fixed #27654 -- Propagated alters_data attribute to callables overridden in subclasses.
Thanks Shai Berger and Adam Johnson for reviews and the implementation
idea.
2022-11-04 11:08:58 +01:00
Vlastimil Zíma
08c5a78726 Fixed #34098 -- Fixed loss of precision for Decimal values in floatformat filter.
Regression in 12f7928f5a.
2022-10-24 12:59:34 +02:00
Nick Pope
4d4bf55e0e Fixed #33864 -- Deprecated length_is template filter. 2022-07-23 12:36:21 +02:00
cheng
d4c5d2b52c Fixed #33631 -- Marked {% blocktranslate asvar %} result as HTML safe. 2022-07-14 11:09:19 +02:00
Claude Paroz
292f372768 Fixed #33748 -- Fixed date template filter crash with lazy format.
Regression in 659d2421c7.
2022-05-31 06:09:39 +02:00
Aymeric Augustin
aff649a3bd Normalized imports of functools.wraps.
@wraps is 10 times more common than @functools.wraps. Standardize to
the most common version.
2022-05-25 10:58:28 +02:00
cheng
0dd2920909 Fixed #33653 -- Fixed template crash when calling methods for built-in types without required arguments.
Regression in 09341856ed.
2022-05-20 07:53:05 +02:00