222d063301
Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline.
2015-09-23 19:31:09 -04:00
5153a3bfdc
Fixed #25331 -- Removed trailing blank lines in docstrings.
2015-08-31 17:37:21 -04:00
aaacaeb096
Renamed RemovedInDjangoXYWarnings for new roadmap.
...
Forwardport of ae1d663b79
2015-06-24 16:08:20 -04:00
47fcbe506c
Fixed flake8 warnings on Python 3.
2015-06-15 11:27:09 -04:00
1f2abf784a
Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.
2015-03-27 19:46:20 -04:00
1c83fc88d6
Fixed an infinite loop possibility in strip_tags().
...
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
3ed9c7bdfe
Fixed #24471 -- Enhanced urlize regex to exclude quotes and angle brackets.
2015-03-10 19:24:46 -04:00
7b1a67cce5
Fixed escaping regression in urlize filter.
...
Now that the URL is always unescaped as of refs #22267 ,
we should re-escape it before inserting it into the anchor.
2015-03-10 18:58:34 -04:00
ec808e807a
Fixed urlize regression with entities in query strings
...
Refs #22267 .
Thanks Shai Berger for spotting the issue and Tim Graham for the
initial patch.
2015-03-06 22:20:14 +01:00
0ed7d15563
Sorted imports with isort; refs #23860 .
2015-02-06 08:16:28 -05:00
fed25f1105
Removed compatibility with Python 3.2.
2015-01-17 09:00:17 -05:00
6d52f6f8e6
Fixed #23831 -- Supported strings escaped by third-party libs in Django.
...
Refs #7261 -- Made strings escaped by Django usable in third-party libs.
The changes in mark_safe and mark_for_escaping are straightforward. The
more tricky part is to handle correctly objects that implement __html__.
Historically escape() has escaped SafeData. Even if that doesn't seem a
good behavior, changing it would create security concerns. Therefore
support for __html__() was only added to conditional_escape() where this
concern doesn't exist.
Then using conditional_escape() instead of escape() in the Django
template engine makes it understand data escaped by other libraries.
Template filter |escape accounts for __html__() when it's available.
|force_escape forces the use of Django's HTML escaping implementation.
Here's why the change in render_value_in_context() is safe. Before Django
1.7 conditional_escape() was implemented as follows:
if isinstance(text, SafeData):
return text
else:
return escape(text)
render_value_in_context() never called escape() on SafeData. Therefore
replacing escape() with conditional_escape() doesn't change the
autoescaping logic as it was originally intended.
This change should be backported to Django 1.7 because it corrects a
feature added in Django 1.7.
Thanks mitsuhiko for the report.
2014-12-27 18:02:34 +01:00
4468c08d70
Fixed #23968 -- Replaced list comprehension with generators and dict comprehension
2014-12-08 07:58:23 -05:00
560b4207b1
Removed redundant numbered parameters from str.format().
...
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
ed2f96819c
Fixed #23715 -- Prevented urlize from treating a trailing ! as part of an URL
...
Thanks to 57even for the report.
2014-10-31 08:06:40 -04:00
54e695331b
Fixed #20221 -- Allowed some functions that use mark_safe() to result in SafeText.
...
Thanks Baptiste Mispelon for the report.
2014-10-20 17:08:29 -04:00
a4c23f70de
Fixed flake8 warnings.
2014-09-09 20:57:26 -04:00
b9d9287f59
Fixed urlize after smart_urlquote rewrite
...
Refs #22267 .
2014-09-09 21:59:35 +02:00
4b8a1d2c0d
Fixed #22267 -- Fixed unquote/quote in smart_urlquote
...
Thanks Md. Enzam Hossain for the report and initial patch, and
Tim Graham for the review.
2014-09-09 21:58:07 +02:00
1101467ce0
Limited lines to 119 characters in django/
...
refs #23395 .
2014-09-05 09:22:16 -04:00
e122facbd8
Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter.
...
Also the unused, undocumented django.utils.html.strip_entities() function.
2014-08-15 08:20:02 -04:00
e167e96cfe
Fixed #22223 -- Prevented over-escaping URLs in reverse()
...
And follow more closely the class of characters defined in the
RFC 3986.
Thanks Erik van Zijst for the report and the initial patch, and
Tim Graham for the review.
2014-07-09 09:54:34 +02:00
1bb1d3168b
Updated urlize regex following a93ee5112d
...
Prevent urlize from turning some.organization, an.intern etc.
into urls. Refs #22941 .
2014-07-04 09:00:16 +02:00
a93ee5112d
Fixed #22941 - Added support for domain-only links with chars after the TLD to urlize.
...
It now works with something like google.com/foo/bar
2014-07-02 20:36:53 -04:00
c28beb4291
Refactored and commented strip_tags utility
2014-04-03 21:24:29 +02:00
778ce245dd
Corrected many style guide violations that the newest version of flake8 catches
2014-03-30 12:11:05 -07:00
dadf2ee75f
Fixed a deprecation warning with the HTMLParser safe argument.
...
refs 6ca6c36f82
2014-03-27 09:17:49 -04:00
684e8a941b
Removed an unused variable.
2014-03-22 10:11:39 -07:00
6ca6c36f82
Improved strip_tags and clarified documentation
...
The fact that strip_tags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:
https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/
2014-03-22 10:59:18 +01:00
8b81dee60c
Removed fix_ampersands template filter per deprecation timeline.
...
Also removed related utility functions:
* django.utils.html.fix_ampersands
* django.utils.html.clean_html
2014-03-21 08:50:43 -04:00
210d0489c5
Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings
...
Thanks Anssi Kääriäinen for the idea and Simon Charette for the
review.
2014-03-08 09:57:40 +01:00
0d91225892
Fixed many typos in comments and docstrings.
...
Thanks Piotr Kasprzyk for help with the patch.
2014-03-03 07:38:09 -05:00
775975f15d
Fixed #22130 -- Deprecated fix_ampersands, removed utils.clean_html()
2014-03-01 14:07:57 +01:00
3eb58f0dd1
Removed unnecessary function-level import.
2013-12-16 15:30:51 +01:00
db41778e8c
Removed unnecessary call to force_text in utils.html.clean_html.
...
Refs #21574
2013-12-16 15:22:54 +01:00
6685713869
Fixed E127 pep8 warnings.
2013-12-14 11:59:15 -05:00
7477a4ffde
Fixed E125 pep8 warnings
2013-11-28 08:50:11 -05:00
e2ae8b048e
Correct flake8 E302 violations
2013-11-02 19:53:29 -04:00
7548aa8ffd
More attacking E302 violators
2013-11-02 13:12:09 -07:00
dcfc8fa972
Correct flake8 violation E261
2013-11-02 15:27:47 -04:00
c3aa2948c6
Fixed #21298 -- Fixed E301 pep8 warnings
2013-10-23 13:45:03 +01:00
b289fcf1bf
Fixed #21288 -- Fixed E126 pep8 warnings
2013-10-21 08:31:30 -04:00
af64429b99
Fixed #7261 -- support for __html__ for library interoperability
...
The idea is that if an object implements __html__ which returns a string this is
used as HTML representation (eg: on escaping). If the object is a str or unicode
subclass and returns itself the object is a safe string type.
This is an updated patch based on jbalogh and ivank patches.
2013-10-15 00:42:42 +02:00
6c06adad1d
Fixed #20364 -- Changed urlize regexes to include quotation marks as punctation.
...
Thanks to EmilStenstrom for raising this, and to Chris Piwoński for all of the fixes and most of the tests.
2013-09-25 22:17:22 +02:00
2530735d2d
Fixed a number of flake8 errors -- particularly around unused imports and local variables
2013-09-06 21:56:40 -07:00
6a6428a36f
Took advantage of django.utils.six.moves.urllib.*.
2013-09-05 14:39:23 -05:00
11cd7388f7
Fixed #20989 -- Removed useless explicit list comprehensions.
2013-08-30 10:57:51 -04:00
b70c371fc1
Simplified smart_urlquote and added some basic tests.
2013-07-28 10:05:39 +02:00
ffcf24c9ce
Removed several unused imports.
2013-06-19 17:18:40 +02:00
b664cb818d
Fixed #19237 (again) - Made strip_tags consistent between Python versions
2013-05-23 14:01:27 +02:00
Tim Graham
Maxime Lorant
Moritz Sichert
Claude Paroz
Aymeric Augustin
Jon Dufresne
Berker Peksag
Markus Holtermann
LarryBrid
LarryBrid
Tomasz Wysocki
Alex Gaynor
Rodolfo Carvalho
Erik Romijn
Baptiste Mispelon
Vajrasky Kok
Loic Bistuer
Christopher Medrela
Ray Ashman Jr
Alasdair Nicol
Alasdair Nicol
Unai Zalakain
Giles Richard Greenway
Simon Charette
Florian Apolloner