diff options
| author | Natalia <124304+nessita@users.noreply.github.com> | 2023-09-19 09:51:48 -0300 |
|---|---|---|
| committer | Natalia <124304+nessita@users.noreply.github.com> | 2023-10-04 09:38:26 -0300 |
| commit | 8124c42601b9abfeb234056092a62a22a22107cb (patch) | |
| tree | be47b09b56cfe59215b82d052727d0ad23abf03c /docs/ref | |
| parent | 5c0df9953b6a9a70b143cfeae0a3f812b52be47b (diff) | |
[5.0.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text.
Thanks Wenchao Li of Alibaba Group for the report.
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/templates/builtins.txt | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt index 65579677ca..536f9259bc 100644 --- a/docs/ref/templates/builtins.txt +++ b/docs/ref/templates/builtins.txt @@ -2676,6 +2676,16 @@ If ``value`` is ``"<p>Joel is a slug</p>"``, the output will be Newlines in the HTML content will be preserved. +.. admonition:: Size of input string + + Processing large, potentially malformed HTML strings can be + resource-intensive and impact service performance. ``truncatechars_html`` + limits input to the first five million characters. + +.. versionchanged:: 3.2.22 + + In older versions, strings over five million characters were processed. + .. templatefilter:: truncatewords ``truncatewords`` @@ -2718,6 +2728,16 @@ If ``value`` is ``"<p>Joel is a slug</p>"``, the output will be Newlines in the HTML content will be preserved. +.. admonition:: Size of input string + + Processing large, potentially malformed HTML strings can be + resource-intensive and impact service performance. ``truncatewords_html`` + limits input to the first five million characters. + +.. versionchanged:: 3.2.22 + + In older versions, strings over five million characters were processed. + .. templatefilter:: unordered_list ``unordered_list`` |
