summaryrefslogtreecommitdiff
path: root/docs/ref
diff options
context:
space:
mode:
authorSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2025-02-21 16:47:59 +0100
committerSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2025-02-24 08:59:00 +0100
commit11243cc8f3b8a60a73e5b9ed2d9c56b4632fc3a3 (patch)
treed4627f17792ba7d798972384cabbc0c8a52168e9 /docs/ref
parentb80288a16d306c38732706b7847ec7e9dd3f55e8 (diff)
[5.1.x] Added security guideline on reasonable size limitations when rendering content via the DTL.
This also removes the need to add warnings for every Django template filter. Backport of 582ba18d56167587e290545f113d3956e73a5801 from main.
Diffstat (limited to 'docs/ref')
-rw-r--r--docs/ref/templates/builtins.txt11
1 files changed, 0 insertions, 11 deletions
diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt
index 7d2cf93085..b6e00eb9b1 100644
--- a/docs/ref/templates/builtins.txt
+++ b/docs/ref/templates/builtins.txt
@@ -2932,17 +2932,6 @@ Django's built-in :tfilter:`escape` filter. The default value for
email addresses that contain single quotes (``'``), things won't work as
expected. Apply this filter only to plain text.
-.. warning::
-
- Using ``urlize`` or ``urlizetrunc`` can incur a performance penalty, which
- can become severe when applied to user controlled values such as content
- stored in a :class:`~django.db.models.TextField`. You can use
- :tfilter:`truncatechars` to add a limit to such inputs:
-
- .. code-block:: html+django
-
- {{ value|truncatechars:500|urlize }}
-
.. templatefilter:: urlizetrunc
``urlizetrunc``