diff options
| author | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2025-02-21 16:47:59 +0100 |
|---|---|---|
| committer | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2025-02-24 08:59:00 +0100 |
| commit | 11243cc8f3b8a60a73e5b9ed2d9c56b4632fc3a3 (patch) | |
| tree | d4627f17792ba7d798972384cabbc0c8a52168e9 /docs/ref | |
| parent | b80288a16d306c38732706b7847ec7e9dd3f55e8 (diff) | |
[5.1.x] Added security guideline on reasonable size limitations when rendering content via the DTL.
This also removes the need to add warnings for every Django template filter.
Backport of 582ba18d56167587e290545f113d3956e73a5801 from main.
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/templates/builtins.txt | 11 |
1 files changed, 0 insertions, 11 deletions
diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt index 7d2cf93085..b6e00eb9b1 100644 --- a/docs/ref/templates/builtins.txt +++ b/docs/ref/templates/builtins.txt @@ -2932,17 +2932,6 @@ Django's built-in :tfilter:`escape` filter. The default value for email addresses that contain single quotes (``'``), things won't work as expected. Apply this filter only to plain text. -.. warning:: - - Using ``urlize`` or ``urlizetrunc`` can incur a performance penalty, which - can become severe when applied to user controlled values such as content - stored in a :class:`~django.db.models.TextField`. You can use - :tfilter:`truncatechars` to add a limit to such inputs: - - .. code-block:: html+django - - {{ value|truncatechars:500|urlize }} - .. templatefilter:: urlizetrunc ``urlizetrunc`` |
