django.git/django/utils/html.py, branch maindjango
http://cgit.adnoto.dev/django.git/atom?h=main2025-12-17T17:15:18ZFixed #32568 -- Replaced mark_safe() with SafeString for literal values.2025-12-17T17:15:18ZPravin Kambleiampbkamble@gmail.com2025-12-17T16:14:48Zurn:sha1:4774adfaa18391854bb5449b4bcb0e9ab5e66b73
Replaced instances of mark_safe('some string literal') with
SafeString to avoid the overhead of managing lazy objects.
Thanks Tim McCurrach for the idea and David Smith and Jacob Walls
for reviews.
Fixed #36737 -- Escaped further control characters in escapejs.2025-11-20T14:35:59Zfarthestmagearnavkamboj511@gmail.com2025-11-17T10:26:50Zurn:sha1:07419875685997a30cd281396e0dc867e98aefe3Fixed #36705 -- Avoided string concatenation in utils.2025-11-07T19:06:42ZKasyap Pentamarajuvpentamaraju@webmd.net2025-11-03T17:27:53Zurn:sha1:1c7db70e79dce82f50d5958da64ab8e2807a31df
Repeated string concatenation performs poorly on PyPy.
Thanks Seokchan Yoon for the report.
Fixed #36710 -- Fixed a regression in urlize for multipart domain names.2025-11-05T22:05:54ZMehraz Hossain Rumman59512321+MehrazRumman@users.noreply.github.com2025-11-05T22:05:54Zurn:sha1:125b63ca745bace1e098ed3c7362d59136f68a8b
Thanks Mehraz Hossain Rumman for the report and Bruno Alla for the triage.
Regression in a9fe98d5bd4212d069afe8316101984aadecfbb2.Fixed #35533 -- Prevented urlize creating broken links given a markdown link input.2025-08-28T06:54:56ZSaJHwogur981208@gmail.com2025-08-27T14:25:43Zurn:sha1:a9fe98d5bd4212d069afe8316101984aadecfbb2
Signed-off-by: SaJH <wogur981208@gmail.com>
Refs #36500 -- Rewrapped long docstrings and block comments via a script.2025-07-23T23:17:55Zdjango-botops@djangoproject.com2025-07-23T03:41:41Zurn:sha1:69a93a88edb56ba47f624dac7a21aacc47ea474f
Rewrapped long docstrings and block comments to 79 characters + newline
using script from https://github.com/medmunds/autofix-w505.
Fixed CVE-2025-32873 -- Mitigated potential DoS in strip_tags().2025-05-07T01:21:42ZSarah Boyce42296566+sarahboyce@users.noreply.github.com2025-04-08T14:30:17Zurn:sha1:9f3419b519799d69f2aba70b9d25abe2e70d03e0
Thanks to Elias Myllymäki for the report, and Shai Berger and Jake
Howard for the reviews.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Fixed CVE-2025-27556 -- Mitigated potential DoS in url_has_allowed_host_and_scheme() on Windows.2025-04-02T08:21:33ZSarah Boyce42296566+sarahboyce@users.noreply.github.com2025-03-06T14:24:56Zurn:sha1:39e2297210d9d2938c75fc911d45f0e863dc4821
Thank you sw0rd1ight for the report.
Fixed #36000 -- Deprecated HTTP as the default protocol in urlize and urlizetrunc.2025-03-19T13:28:42ZAhmed Nassara.moh.nassar00@gmail.com2025-03-08T14:35:10Zurn:sha1:ec7044c706f48f5ab3d9e4c35e4078b9f9dcaaf2Fixed #36013 -- Removed use of IDNA-2003 in django.utils.html.2025-01-23T09:38:15ZMike Edmundsmedmunds@gmail.com2024-12-15T00:54:42Zurn:sha1:29ba75e6e57414f0e6f9528d08a520b8b931fb28
Removed obsolete and potentially problematic IDNA 2003 ("punycode")
encoding of international domain names in smart_urlquote() and Urlizer,
which are used (only) by AdminURLFieldWidget and the urlize/urlizetrunc
template filters. Changed to use percent-encoded UTF-8, which defers
IDNA details to the browser (like other URLs rendered by Django).