Jon Dufresne
82f286cf6f
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
Claude Paroz
201017df30
Fixed #29654 -- Made text truncation an ellipsis character instead of three dots.
...
Thanks Sudhanshu Mishra for the initial patch and Tim Graham for the review.
2018-08-21 17:46:45 +02:00
Tim Graham
8618271caa
Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
...
Thanks Florian Apolloner for assisting with the patch.
2018-03-06 08:30:40 -05:00
Jon Dufresne
968329b5c2
Refs #27795 -- Replaced force_text() calls with str() in django.utils.html.
2018-02-09 16:47:45 -08:00
Jonas Haag
8c709d79cb
Fixed #17419 -- Added json_tag template filter.
2018-02-07 18:38:12 -05:00
Jon Dufresne
ff05de760c
Fixed #29038 -- Removed closing slash from HTML void tags.
2018-01-21 02:09:10 -05:00
Nick Pope
c68f66e014
Refs #23919 -- Replaced super() calls for old-style classes.
2017-12-07 09:10:32 -05:00
Tom
abb636c1af
Improved performance of utils.html.escape().
2017-10-13 09:20:13 -04:00
Tim Graham
cfff2af02b
Fixed #27857 -- Dropped support for Python 3.4.
2017-09-25 17:11:03 -04:00
Claude Paroz
301de774c2
Refs #27795 -- Replaced many force_text() with str()
...
Thanks Tim Graham for the review.
2017-04-27 09:10:02 +02:00
Tim Graham
6ae1b04fb5
Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals.
2017-03-04 09:04:16 -05:00
Anton Samarchyan
9718fa2e8a
Refs #27656 -- Updated django.utils docstring verbs according to PEP 257.
2017-02-11 16:11:08 -05:00
Claude Paroz
a21ec12409
Fixed #27803 -- Kept safe status of lazy safe strings in conditional_escape
2017-02-02 21:01:39 +01:00
Tim Graham
d170c63351
Refs #23919 -- Removed misc references to Python 2.
2017-01-21 20:02:00 -05:00
Claude Paroz
042b7350a0
Refs #23919 -- Removed unneeded str() calls
2017-01-20 14:13:55 +01:00
Claude Paroz
dc8834cad4
Refs #23919 -- Removed unneeded force_str calls
2017-01-20 08:44:31 +01:00
Claude Paroz
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz
7b2f2e74ad
Refs #23919 -- Removed six.<various>_types usage
...
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
...
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
Ramin Farajpour Cami
967be82443
Fixed E305 flake8 warnings.
2016-11-14 12:30:46 -05:00
Jon Dufresne
4ff389dcdc
Removed unused regexes from django.utils.html.
...
Last uses removed in commit 8b81dee60c
.
2016-09-23 11:24:50 -07:00
Tim Graham
8119b679eb
Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.
...
http://bugs.python.org/issue27364
2016-09-17 15:44:06 -04:00
Tim Graham
df8d8d4292
Fixed E128 flake8 warnings in django/.
2016-04-08 09:51:06 -04:00
Jon Dufresne
dec334cb66
Fixed #26193 -- Made urlize() trim multiple trailing punctuation.
2016-02-15 09:10:15 -05:00
Iacopo Spalletti
d693074d43
Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().
...
Thanks to bmispelon and uruz for the initial patch.
2015-12-12 14:46:48 -05:00
Tim Graham
222d063301
Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline.
2015-09-23 19:31:09 -04:00
Maxime Lorant
5153a3bfdc
Fixed #25331 -- Removed trailing blank lines in docstrings.
2015-08-31 17:37:21 -04:00
Tim Graham
aaacaeb096
Renamed RemovedInDjangoXYWarnings for new roadmap.
...
Forwardport of ae1d663b79
from stable/1.8.x plus more.
2015-06-24 16:08:20 -04:00
Tim Graham
47fcbe506c
Fixed flake8 warnings on Python 3.
2015-06-15 11:27:09 -04:00
Moritz Sichert
1f2abf784a
Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.
2015-03-27 19:46:20 -04:00
Tim Graham
1c83fc88d6
Fixed an infinite loop possibility in strip_tags().
...
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
Tim Graham
3ed9c7bdfe
Fixed #24471 -- Enhanced urlize regex to exclude quotes and angle brackets.
2015-03-10 19:24:46 -04:00
Tim Graham
7b1a67cce5
Fixed escaping regression in urlize filter.
...
Now that the URL is always unescaped as of refs #22267 ,
we should re-escape it before inserting it into the anchor.
2015-03-10 18:58:34 -04:00
Claude Paroz
ec808e807a
Fixed urlize regression with entities in query strings
...
Refs #22267 .
Thanks Shai Berger for spotting the issue and Tim Graham for the
initial patch.
2015-03-06 22:20:14 +01:00
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860 .
2015-02-06 08:16:28 -05:00
Tim Graham
fed25f1105
Removed compatibility with Python 3.2.
2015-01-17 09:00:17 -05:00
Aymeric Augustin
6d52f6f8e6
Fixed #23831 -- Supported strings escaped by third-party libs in Django.
...
Refs #7261 -- Made strings escaped by Django usable in third-party libs.
The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.
Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.
Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.
Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.
Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:
if isinstance(text, SafeData):
return text
else:
return escape(text)
render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.
This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.
Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
Jon Dufresne
4468c08d70
Fixed #23968 -- Replaced list comprehension with generators and dict comprehension
2014-12-08 07:58:23 -05:00
Berker Peksag
560b4207b1
Removed redundant numbered parameters from str.format().
...
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
Markus Holtermann
ed2f96819c
Fixed #23715 -- Prevented urlize from treating a trailing ! as part of an URL
...
Thanks to 57even for the report.
2014-10-31 08:06:40 -04:00
Jon Dufresne
54e695331b
Fixed #20221 -- Allowed some functions that use mark_safe() to result in SafeText.
...
Thanks Baptiste Mispelon for the report.
2014-10-20 17:08:29 -04:00
Tim Graham
a4c23f70de
Fixed flake8 warnings.
2014-09-09 20:57:26 -04:00
Claude Paroz
b9d9287f59
Fixed urlize after smart_urlquote rewrite
...
Refs #22267 .
2014-09-09 21:59:35 +02:00
Claude Paroz
4b8a1d2c0d
Fixed #22267 -- Fixed unquote/quote in smart_urlquote
...
Thanks Md. Enzam Hossain for the report and initial patch, and
Tim Graham for the review.
2014-09-09 21:58:07 +02:00
Tim Graham
1101467ce0
Limited lines to 119 characters in django/
...
refs #23395 .
2014-09-05 09:22:16 -04:00
Tim Graham
e122facbd8
Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter.
...
Also the unused, undocumented django.utils.html.strip_entities() function.
2014-08-15 08:20:02 -04:00
Claude Paroz
e167e96cfe
Fixed #22223 -- Prevented over-escaping URLs in reverse()
...
And follow more closely the class of characters defined in the
RFC 3986.
Thanks Erik van Zijst for the report and the initial patch, and
Tim Graham for the review.
2014-07-09 09:54:34 +02:00
LarryBrid
1bb1d3168b
Updated urlize regex following a93ee5112d
...
Prevent urlize from turning some.organization, an.intern etc.
into urls. Refs #22941 .
2014-07-04 09:00:16 +02:00
LarryBrid
a93ee5112d
Fixed #22941 - Added support for domain-only links with chars after the TLD to urlize.
...
It now works with something like google.com/foo/bar
2014-07-02 20:36:53 -04:00