8d76443aba
Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape().
2019-04-25 15:09:07 +02:00
7e3bf2662b
Removed default mode='r' argument from calls to open().
2019-01-27 17:41:43 -05:00
a7ef4a56e0
Fixed #29920 -- Added a test for smart_urlquote()'s UnicodeError branch.
2018-11-09 12:39:08 -05:00
82f286cf6f
Refs #29784 -- Switched to https:// links where available.
2018-09-26 08:48:47 +02:00
911af0d24b
Added more tests for django.utils.html.urlize().
2018-03-06 08:30:41 -05:00
8618271caa
Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters.
...
Thanks Florian Apolloner for assisting with the patch.
2018-03-06 08:30:40 -05:00
b832de869e
Added tests for utils.html.urlize() (lazy string inputs were untested).
2018-02-10 15:45:57 -05:00
8c709d79cb
Fixed #17419 -- Added json_tag template filter.
2018-02-07 18:38:12 -05:00
ff05de760c
Fixed #29038 -- Removed closing slash from HTML void tags.
2018-01-21 02:09:10 -05:00
6ae1b04fb5
Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals.
2017-03-04 09:04:16 -05:00
a21ec12409
Fixed #27803 -- Kept safe status of lazy safe strings in conditional_escape
2017-02-02 21:01:39 +01:00
f8d52521ab
Refs #27804 -- Used subTest() in tests.utils_tests.test_html.
2017-02-02 08:17:00 -05:00
2af8cd22a9
Imported specific functions in tests.utils_tests.test_html.
2017-02-02 07:23:10 -05:00
2366100872
Removed unneeded force_text calls in the test suite
2017-01-24 18:45:54 +01:00
4e729feaa6
Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.
...
These functions do nothing on Python 3.
2017-01-20 08:01:02 -05:00
cecc079168
Refs #23919 -- Stopped inheriting from object to define new style classes.
2017-01-19 08:39:46 +01:00
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
...
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
321e94fa41
Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.
2016-11-10 21:30:21 -05:00
d693074d43
Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().
...
Thanks to bmispelon and uruz for the initial patch.
2015-12-12 14:46:48 -05:00
222d063301
Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline.
2015-09-23 19:31:09 -04:00
b1e33ceced
Fixed #23395 -- Limited line lengths to 119 characters.
2015-09-12 11:40:50 -04:00
aaacaeb096
Renamed RemovedInDjangoXYWarnings for new roadmap.
...
Forwardport of ae1d663b79
2015-06-24 16:08:20 -04:00
1f2abf784a
Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.
2015-03-27 19:46:20 -04:00
1c83fc88d6
Fixed an infinite loop possibility in strip_tags().
...
This is a security fix; disclosure to follow shortly.
2015-03-18 19:20:07 -04:00
0ed7d15563
Sorted imports with isort; refs #23860 .
2015-02-06 08:16:28 -05:00
51890ce889
Applied ignore_warnings to Django tests
2014-12-30 18:16:25 +01:00
560b4207b1
Removed redundant numbered parameters from str.format().
...
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-12-03 14:27:38 -05:00
b9d9287f59
Fixed urlize after smart_urlquote rewrite
...
Refs #22267 .
2014-09-09 21:59:35 +02:00
4b8a1d2c0d
Fixed #22267 -- Fixed unquote/quote in smart_urlquote
...
Thanks Md. Enzam Hossain for the report and initial patch, and
Tim Graham for the review.
2014-09-09 21:58:07 +02:00
e122facbd8
Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter.
...
Also the unused, undocumented django.utils.html.strip_entities() function.
2014-08-15 08:20:02 -04:00
6a0291bdaf
Tweaked strip_tags tests to pass on Python 3.3
2014-03-22 14:43:11 +01:00
6ca6c36f82
Improved strip_tags and clarified documentation
...
The fact that strip_tags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:
https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/
2014-03-22 10:59:18 +01:00
8b81dee60c
Removed fix_ampersands template filter per deprecation timeline.
...
Also removed related utility functions:
* django.utils.html.fix_ampersands
* django.utils.html.clean_html
2014-03-21 08:50:43 -04:00
210d0489c5
Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings
...
Thanks Anssi Kääriäinen for the idea and Simon Charette for the
review.
2014-03-08 09:57:40 +01:00
775975f15d
Fixed #22130 -- Deprecated fix_ampersands, removed utils.clean_html()
2014-03-01 14:07:57 +01:00
9d740eb8b1
Fix all violators of E231
2013-10-26 12:15:03 -07:00
a800036981
Fixed #21287 -- Fixed E123 pep8 warnings
2013-10-18 10:07:39 +01:00
af64429b99
Fixed #7261 -- support for __html__ for library interoperability
...
The idea is that if an object implements __html__ which returns a string this is
used as HTML representation (eg: on escaping). If the object is a str or unicode
subclass and returns itself the object is a safe string type.
This is an updated patch based on jbalogh and ivank patches.
2013-10-15 00:42:42 +02:00
b70c371fc1
Simplified smart_urlquote and added some basic tests.
2013-07-28 10:05:39 +02:00
cfcf4b3605
Stopped using django.utils.unittest in the test suite.
...
Refs #20680 .
2013-07-01 14:29:33 +02:00
b664cb818d
Fixed #19237 (again) - Made strip_tags consistent between Python versions
2013-05-23 14:01:27 +02:00
dc51ec8bc2
Fixed #19237 -- Used HTML parser to strip tags
...
The regex method used until now for the strip_tags utility is fast,
but subject to flaws and security issues. Consensus and good
practice lead use to use a slower but safer method.
2013-05-22 17:34:02 +02:00
612ef3e5c9
Modified utils_tests for unittest2 discovery.
2013-04-12 15:31:58 -06:00
Jon Dufresne
Srinivas Thatiparthy (శ్రీనివాస్ తాటిపర్తి)
Tim Graham
Jonas Haag
Claude Paroz
Simon Charette
za
Iacopo Spalletti
Dražen Odobašić
Moritz Sichert
Berker Peksag
Erik Romijn
Alex Gaynor
Alasdair Nicol
Unai Zalakain
Florian Apolloner
Aymeric Augustin
Preston Timmons