summaryrefslogtreecommitdiff
path: root/docs/ref
diff options
context:
space:
mode:
authorNatalia <124304+nessita@users.noreply.github.com>2023-09-19 09:51:48 -0300
committerNatalia <124304+nessita@users.noreply.github.com>2023-10-04 09:38:26 -0300
commit8124c42601b9abfeb234056092a62a22a22107cb (patch)
treebe47b09b56cfe59215b82d052727d0ad23abf03c /docs/ref
parent5c0df9953b6a9a70b143cfeae0a3f812b52be47b (diff)
[5.0.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text.
Thanks Wenchao Li of Alibaba Group for the report.
Diffstat (limited to 'docs/ref')
-rw-r--r--docs/ref/templates/builtins.txt20
1 files changed, 20 insertions, 0 deletions
diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt
index 65579677ca..536f9259bc 100644
--- a/docs/ref/templates/builtins.txt
+++ b/docs/ref/templates/builtins.txt
@@ -2676,6 +2676,16 @@ If ``value`` is ``"<p>Joel is a slug</p>"``, the output will be
Newlines in the HTML content will be preserved.
+.. admonition:: Size of input string
+
+ Processing large, potentially malformed HTML strings can be
+ resource-intensive and impact service performance. ``truncatechars_html``
+ limits input to the first five million characters.
+
+.. versionchanged:: 3.2.22
+
+ In older versions, strings over five million characters were processed.
+
.. templatefilter:: truncatewords
``truncatewords``
@@ -2718,6 +2728,16 @@ If ``value`` is ``"<p>Joel is a slug</p>"``, the output will be
Newlines in the HTML content will be preserved.
+.. admonition:: Size of input string
+
+ Processing large, potentially malformed HTML strings can be
+ resource-intensive and impact service performance. ``truncatewords_html``
+ limits input to the first five million characters.
+
+.. versionchanged:: 3.2.22
+
+ In older versions, strings over five million characters were processed.
+
.. templatefilter:: unordered_list
``unordered_list``