summaryrefslogtreecommitdiff
path: root/django
diff options
context:
space:
mode:
authorFlorian Apolloner <florian@apolloner.eu>2019-07-15 12:00:06 +0200
committerCarlton Gibson <carlton.gibson@noumenal.es>2019-08-01 09:24:54 +0200
commit4b78420d250df5e21763633871e486ee76728cc4 (patch)
tree6227c024865efca0e2d6f5c1f498dc078fd7ea00 /django
parent7f65974f8219729c047fbbf8cd5cc9d80faefe77 (diff)
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
Diffstat (limited to 'django')
-rw-r--r--django/utils/html.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/django/utils/html.py b/django/utils/html.py
index d8fa00dab8..94aa0ff35e 100644
--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -181,8 +181,8 @@ def strip_tags(value):
value = str(value)
while '<' in value and '>' in value:
new_value = _strip_once(value)
- if len(new_value) >= len(value):
- # _strip_once was not able to detect more tags
+ if value.count('<') == new_value.count('<'):
+ # _strip_once wasn't able to detect more tags.
break
value = new_value
return value