diff options
| author | Florian Apolloner <florian@apolloner.eu> | 2019-07-15 12:00:06 +0200 |
|---|---|---|
| committer | Carlton Gibson <carlton.gibson@noumenal.es> | 2019-08-01 09:24:54 +0200 |
| commit | 4b78420d250df5e21763633871e486ee76728cc4 (patch) | |
| tree | 6227c024865efca0e2d6f5c1f498dc078fd7ea00 /django | |
| parent | 7f65974f8219729c047fbbf8cd5cc9d80faefe77 (diff) | |
Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities.
Thanks to Guido Vranken for initial report.
Diffstat (limited to 'django')
| -rw-r--r-- | django/utils/html.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/django/utils/html.py b/django/utils/html.py index d8fa00dab8..94aa0ff35e 100644 --- a/django/utils/html.py +++ b/django/utils/html.py @@ -181,8 +181,8 @@ def strip_tags(value): value = str(value) while '<' in value and '>' in value: new_value = _strip_once(value) - if len(new_value) >= len(value): - # _strip_once was not able to detect more tags + if value.count('<') == new_value.count('<'): + # _strip_once wasn't able to detect more tags. break value = new_value return value |
