Tim Graham
fed25f1105
Removed compatibility with Python 3.2.
2015-01-17 09:00:17 -05:00
Aymeric Augustin
6d52f6f8e6
Fixed #23831 -- Supported strings escaped by third-party libs in Django.
...
Refs #7261 -- Made strings escaped by Django usable in third-party libs.
The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.
Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.
Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.
Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.
Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:
if isinstance(text, SafeData):
return text
else:
return escape(text)
render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.
This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.
Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Jon Dufresne
4468c08d70
Fixed #23968 -- Replaced list comprehension with generators and dict comprehension
2014-12-08 07:58:23 -05:00
Berker Peksag
560b4207b1
Removed redundant numbered parameters from str.format().
...
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Markus Holtermann
ed2f96819c
Fixed #23715 -- Prevented urlize from treating a trailing ! as part of an URL
...
Thanks to 57even for the report.
2014-10-31 08:06:40 -04:00
Jon Dufresne
54e695331b
Fixed #20221 -- Allowed some functions that use mark_safe() to result in SafeText.
...
Thanks Baptiste Mispelon for the report.
2014-10-20 17:08:29 -04:00
Tim Graham
a4c23f70de
Fixed flake8 warnings.
2014-09-09 20:57:26 -04:00
Claude Paroz
b9d9287f59
Fixed urlize after smart_urlquote rewrite
...
Refs #22267 .
2014-09-09 21:59:35 +02:00
Claude Paroz
4b8a1d2c0d
Fixed #22267 -- Fixed unquote/quote in smart_urlquote
...
Thanks Md. Enzam Hossain for the report and initial patch, and
Tim Graham for the review.
2014-09-09 21:58:07 +02:00
Tim Graham
1101467ce0
Limited lines to 119 characters in django/
...
refs #23395 .
2014-09-05 09:22:16 -04:00
Tim Graham
e122facbd8
Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter.
...
Also the unused, undocumented django.utils.html.strip_entities() function.
2014-08-15 08:20:02 -04:00
Claude Paroz
e167e96cfe
Fixed #22223 -- Prevented over-escaping URLs in reverse()
...
And follow more closely the class of characters defined in the
RFC 3986.
Thanks Erik van Zijst for the report and the initial patch, and
Tim Graham for the review.
2014-07-09 09:54:34 +02:00
LarryBrid
1bb1d3168b
Updated urlize regex following a93ee5112d
...
Prevent urlize from turning some.organization, an.intern etc.
into urls. Refs #22941 .
2014-07-04 09:00:16 +02:00
LarryBrid
a93ee5112d
Fixed #22941 - Added support for domain-only links with chars after the TLD to urlize.
...
It now works with something like google.com/foo/bar
2014-07-02 20:36:53 -04:00
Tomasz Wysocki
c28beb4291
Refactored and commented strip_tags utility
2014-04-03 21:24:29 +02:00
Alex Gaynor
778ce245dd
Corrected many style guide violations that the newest version of flake8 catches
2014-03-30 12:11:05 -07:00
Tim Graham
dadf2ee75f
Fixed a deprecation warning with the HTMLParser safe argument.
...
refs 6ca6c36f82
2014-03-27 09:17:49 -04:00
Alex Gaynor
684e8a941b
Removed an unused variable.
2014-03-22 10:11:39 -07:00
Claude Paroz
6ca6c36f82
Improved strip_tags and clarified documentation
...
The fact that strip_tags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:
https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/
2014-03-22 10:59:18 +01:00
Tim Graham
8b81dee60c
Removed fix_ampersands template filter per deprecation timeline.
...
Also removed related utility functions:
* django.utils.html.fix_ampersands
* django.utils.html.clean_html
2014-03-21 08:50:43 -04:00
Claude Paroz
210d0489c5
Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings
...
Thanks Anssi Kääriäinen for the idea and Simon Charette for the
review.
2014-03-08 09:57:40 +01:00
Rodolfo Carvalho
0d91225892
Fixed many typos in comments and docstrings.
...
Thanks Piotr Kasprzyk for help with the patch.
2014-03-03 07:38:09 -05:00
Erik Romijn
775975f15d
Fixed #22130 -- Deprecated fix_ampersands, removed utils.clean_html()
2014-03-01 14:07:57 +01:00
Baptiste Mispelon
3eb58f0dd1
Removed unnecessary function-level import.
2013-12-16 15:30:51 +01:00
Vajrasky Kok
db41778e8c
Removed unnecessary call to force_text in utils.html.clean_html.
...
Refs #21574
2013-12-16 15:22:54 +01:00
Loic Bistuer
6685713869
Fixed E127 pep8 warnings.
2013-12-14 11:59:15 -05:00
Christopher Medrela
7477a4ffde
Fixed E125 pep8 warnings
2013-11-28 08:50:11 -05:00
Ray Ashman Jr
e2ae8b048e
Correct flake8 E302 violations
2013-11-02 19:53:29 -04:00
Alex Gaynor
7548aa8ffd
More attacking E302 violators
2013-11-02 13:12:09 -07:00
Ray Ashman Jr
dcfc8fa972
Correct flake8 violation E261
2013-11-02 15:27:47 -04:00
Alasdair Nicol
c3aa2948c6
Fixed #21298 -- Fixed E301 pep8 warnings
2013-10-23 13:45:03 +01:00
Alasdair Nicol
b289fcf1bf
Fixed #21288 -- Fixed E126 pep8 warnings
2013-10-21 08:31:30 -04:00
Unai Zalakain
af64429b99
Fixed #7261 -- support for __html__ for library interoperability
...
The idea is that if an object implements __html__ which returns a string this is
used as HTML representation (eg: on escaping). If the object is a str or unicode
subclass and returns itself the object is a safe string type.
This is an updated patch based on jbalogh and ivank patches.
2013-10-15 00:42:42 +02:00
Giles Richard Greenway
6c06adad1d
Fixed #20364 -- Changed urlize regexes to include quotation marks as punctation.
...
Thanks to EmilStenstrom for raising this, and to Chris Piwoński for all of the fixes and most of the tests.
2013-09-25 22:17:22 +02:00
Alex Gaynor
2530735d2d
Fixed a number of flake8 errors -- particularly around unused imports and local variables
2013-09-06 21:56:40 -07:00
Aymeric Augustin
6a6428a36f
Took advantage of django.utils.six.moves.urllib.*.
2013-09-05 14:39:23 -05:00
Simon Charette
11cd7388f7
Fixed #20989 -- Removed useless explicit list comprehensions.
2013-08-30 10:57:51 -04:00
Florian Apolloner
b70c371fc1
Simplified smart_urlquote and added some basic tests.
2013-07-28 10:05:39 +02:00
Aymeric Augustin
ffcf24c9ce
Removed several unused imports.
2013-06-19 17:18:40 +02:00
Claude Paroz
b664cb818d
Fixed #19237 (again) - Made strip_tags consistent between Python versions
2013-05-23 14:01:27 +02:00
Claude Paroz
dc51ec8bc2
Fixed #19237 -- Used HTML parser to strip tags
...
The regex method used until now for the strip_tags utility is fast,
but subject to flaws and security issues. Consensus and good
practice lead use to use a slower but safer method.
2013-05-22 17:34:02 +02:00
Emil Stenström
7d77e9786a
Fixed #20246 -- Added non-breaking spaces between values an units
2013-05-18 23:01:48 +02:00
Aymeric Augustin
9c487b5974
Replaced an antiquated pattern.
...
Thanks Lennart Regebro for pointing it out.
2013-05-17 18:08:58 +02:00
Claude Paroz
b474ffe63a
Fixed #20172 -- Ensured urlize supports IPv4/IPv6 addresses
...
Thanks Marc Aymerich for the report and the initial patch.
2013-04-01 15:37:37 +02:00
Claude Paroz
d7504a3d7b
Improved regex in strip_tags
...
Thanks Pablo Recio for the report. Refs #19237 .
2013-02-06 21:20:43 +01:00
Tim Graham
eafc036476
Fixed #19577 - Added HTML escaping to admin examples.
...
Thanks foo@ for the report and Florian Apolloner for the review.
2013-01-25 06:53:40 -05:00
Tom Insam
74809fdcc7
cope with unsplittable urls in smarl_urlquote.
2012-12-03 12:13:24 +00:00
Chris Khoo
bf1871d874
Fixed #19237 -- Improved strip_tags utility
...
The previous pattern didn't properly addressed cases where '>'
was present inside quoted tag content.
2012-11-24 12:16:52 +01:00
Andrew Godwin
7f75460fd6
Fixed #19070 -- urlize filter no longer raises exceptions on 2.7
...
Thanks to claudep for the patch.
2012-10-31 10:58:14 +00:00
Dave Hall
44767f2caf
Use unicode.translate to speed up js escaping.
2012-09-18 21:15:15 +02:00