diff options
| author | Claude Paroz <claude@2xlibre.net> | 2013-05-23 14:00:17 +0200 |
|---|---|---|
| committer | Claude Paroz <claude@2xlibre.net> | 2013-05-23 14:01:27 +0200 |
| commit | b664cb818d2e5896df2763299ea2c61a9af069a8 (patch) | |
| tree | 008713cc92b26d6470b2465b0744aabd359644b3 /docs/ref | |
| parent | 8c2fd050f80f528cc1609c1a7f16901194834831 (diff) | |
Fixed #19237 (again) - Made strip_tags consistent between Python versions
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/utils.txt | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/docs/ref/utils.txt b/docs/ref/utils.txt index 14ae9aa9b8..bf14af0855 100644 --- a/docs/ref/utils.txt +++ b/docs/ref/utils.txt @@ -490,7 +490,7 @@ Atom1Feed Usually you should build up HTML using Django's templates to make use of its autoescape mechanism, using the utilities in :mod:`django.utils.safestring` -where appropriate. This module provides some additional low level utilitiesfor +where appropriate. This module provides some additional low level utilities for escaping HTML. .. function:: escape(text) @@ -564,7 +564,13 @@ escaping HTML. strip_tags(value) If ``value`` is ``"<b>Joel</b> <button>is</button> a <span>slug</span>"`` the - return value will be ``"Joel is a slug"``. + return value will be ``"Joel is a slug"``. Note that ``strip_tags`` result + may still contain unsafe HTML content, so you might use + :func:`~django.utils.html.escape` to make it a safe string. + + .. versionchanged:: 1.6 + + For improved safety, ``strip_tags`` is now parser-based. .. function:: remove_tags(value, tags) |
