1e3cd51163
Simplified django.utils.html.urlize().
2018-10-12 12:15:26 -04:00
910548634a
Refs #29826 -- Removed unused characters from urlize configuration.
...
The HTML characters are unused because urlize is meant to be applied to
plain text and these characters aren't properly detected (refs #29826 ).
Angle brackets and quotes are present in word_split_re and therefore
won't be used in WRAPPING_PUNCTUATION.
2018-10-12 08:13:52 +02:00
8ef8bc0f64
Refs #28909 -- Simplifed code using unpacking generalizations.
2018-09-28 09:57:12 -04:00
82f286cf6f
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
201017df30
Fixed #29654 -- Made text truncation an ellipsis character instead of three dots.
...
Thanks Sudhanshu Mishra for the initial patch and Tim Graham for the review.
2018-08-21 17:46:45 +02:00
8618271caa
Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
...
Thanks Florian Apolloner for assisting with the patch.
2018-03-06 08:30:40 -05:00
968329b5c2
Refs #27795 -- Replaced force_text() calls with str() in django.utils.html.
2018-02-09 16:47:45 -08:00
8c709d79cb
Fixed #17419 -- Added json_tag template filter.
2018-02-07 18:38:12 -05:00
ff05de760c
Fixed #29038 -- Removed closing slash from HTML void tags.
2018-01-21 02:09:10 -05:00
c68f66e014
Refs #23919 -- Replaced super() calls for old-style classes.
2017-12-07 09:10:32 -05:00
abb636c1af
Improved performance of utils.html.escape().
2017-10-13 09:20:13 -04:00
cfff2af02b
Fixed #27857 -- Dropped support for Python 3.4.
2017-09-25 17:11:03 -04:00
301de774c2
Refs #27795 -- Replaced many force_text() with str()
...
Thanks Tim Graham for the review.
2017-04-27 09:10:02 +02:00
6ae1b04fb5
Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals.
2017-03-04 09:04:16 -05:00
9718fa2e8a
Refs #27656 -- Updated django.utils docstring verbs according to PEP 257.
2017-02-11 16:11:08 -05:00
a21ec12409
Fixed #27803 -- Kept safe status of lazy safe strings in conditional_escape
2017-02-02 21:01:39 +01:00
d170c63351
Refs #23919 -- Removed misc references to Python 2.
2017-01-21 20:02:00 -05:00
042b7350a0
Refs #23919 -- Removed unneeded str() calls
2017-01-20 14:13:55 +01:00
dc8834cad4
Refs #23919 -- Removed unneeded force_str calls
2017-01-20 08:44:31 +01:00
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
7b2f2e74ad
Refs #23919 -- Removed six.<various>_types usage
...
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
...
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
967be82443
Fixed E305 flake8 warnings.
2016-11-14 12:30:46 -05:00
4ff389dcdc
Removed unused regexes from django.utils.html.
...
Last uses removed in commit 8b81dee60c
2016-09-23 11:24:50 -07:00
8119b679eb
Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
...
http://bugs.python.org/issue27364
2016-09-17 15:44:06 -04:00
df8d8d4292
Fixed E128 flake8 warnings in django/.
2016-04-08 09:51:06 -04:00
dec334cb66
Fixed #26193 -- Made urlize() trim multiple trailing punctuation.
2016-02-15 09:10:15 -05:00
d693074d43
Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().
...
Thanks to bmispelon and uruz for the initial patch.
2015-12-12 14:46:48 -05:00
222d063301
Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline.
2015-09-23 19:31:09 -04:00
5153a3bfdc
Fixed #25331 -- Removed trailing blank lines in docstrings.
2015-08-31 17:37:21 -04:00
aaacaeb096
Renamed RemovedInDjangoXYWarnings for new roadmap.
...
Forwardport of ae1d663b79
2015-06-24 16:08:20 -04:00
47fcbe506c
Fixed flake8 warnings on Python 3.
2015-06-15 11:27:09 -04:00
1f2abf784a
Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.
2015-03-27 19:46:20 -04:00
1c83fc88d6
Fixed an infinite loop possibility in strip_tags().
...
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
3ed9c7bdfe
Fixed #24471 -- Enhanced urlize regex to exclude quotes and angle brackets.
2015-03-10 19:24:46 -04:00
7b1a67cce5
Fixed escaping regression in urlize filter.
...
Now that the URL is always unescaped as of refs #22267 ,
we should re-escape it before inserting it into the anchor.
2015-03-10 18:58:34 -04:00
ec808e807a
Fixed urlize regression with entities in query strings
...
Refs #22267 .
Thanks Shai Berger for spotting the issue and Tim Graham for the
initial patch.
2015-03-06 22:20:14 +01:00
0ed7d15563
Sorted imports with isort; refs #23860 .
2015-02-06 08:16:28 -05:00
fed25f1105
Removed compatibility with Python 3.2.
2015-01-17 09:00:17 -05:00
6d52f6f8e6
Fixed #23831 -- Supported strings escaped by third-party libs in Django.
...
Refs #7261 -- Made strings escaped by Django usable in third-party libs.
The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.
Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.
Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.
Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.
Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:
if isinstance(text, SafeData):
return text
else:
return escape(text)
render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.
This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.
Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
4468c08d70
Fixed #23968 -- Replaced list comprehension with generators and dict comprehension
2014-12-08 07:58:23 -05:00
560b4207b1
Removed redundant numbered parameters from str.format().
...
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
ed2f96819c
Fixed #23715 -- Prevented urlize from treating a trailing ! as part of an URL
...
Thanks to 57even for the report.
2014-10-31 08:06:40 -04:00
54e695331b
Fixed #20221 -- Allowed some functions that use mark_safe() to result in SafeText.
...
Thanks Baptiste Mispelon for the report.
2014-10-20 17:08:29 -04:00
a4c23f70de
Fixed flake8 warnings.
2014-09-09 20:57:26 -04:00
b9d9287f59
Fixed urlize after smart_urlquote rewrite
...
Refs #22267 .
2014-09-09 21:59:35 +02:00
4b8a1d2c0d
Fixed #22267 -- Fixed unquote/quote in smart_urlquote
...
Thanks Md. Enzam Hossain for the report and initial patch, and
Tim Graham for the review.
2014-09-09 21:58:07 +02:00
1101467ce0
Limited lines to 119 characters in django/
...
refs #23395 .
2014-09-05 09:22:16 -04:00
e122facbd8
Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter.
...
Also the unused, undocumented django.utils.html.strip_entities() function.
2014-08-15 08:20:02 -04:00
Tim Graham
Sergey Fedoseev
Jon Dufresne
Claude Paroz
Jonas Haag
Nick Pope
Tom
Anton Samarchyan
Ramin Farajpour Cami
Iacopo Spalletti
Maxime Lorant
Moritz Sichert
Aymeric Augustin
Berker Peksag
Markus Holtermann