summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorJon Dufresne <jon.dufresne@gmail.com>2019-04-24 04:30:34 -0700
committerCarlton Gibson <carlton.gibson@noumenal.es>2019-04-25 15:09:07 +0200
commit8d76443aba863b75ad3b1392ca7e1d59bad84dc4 (patch)
tree1e550f8ebb06a935bd8a15496d049f54c54eded2 /docs
parent28d5262fa3315690395f04e3619ed554dbaf725b (diff)
Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape().
Diffstat (limited to 'docs')
-rw-r--r--docs/intro/tutorial05.txt2
-rw-r--r--docs/ref/templates/builtins.txt2
-rw-r--r--docs/ref/templates/language.txt2
-rw-r--r--docs/ref/utils.txt5
-rw-r--r--docs/releases/3.0.txt4
5 files changed, 12 insertions, 3 deletions
diff --git a/docs/intro/tutorial05.txt b/docs/intro/tutorial05.txt
index 42891a6ecd..c59a0db155 100644
--- a/docs/intro/tutorial05.txt
+++ b/docs/intro/tutorial05.txt
@@ -387,7 +387,7 @@ With that ready, we can ask the client to do some work for us::
>>> response.status_code
200
>>> response.content
- b'\n <ul>\n \n <li><a href="/polls/1/">What&#39;s up?</a></li>\n \n </ul>\n\n'
+ b'\n <ul>\n \n <li><a href="/polls/1/">What&#x27;s up?</a></li>\n \n </ul>\n\n'
>>> response.context['latest_question_list']
<QuerySet [<Question: What's up?>]>
diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt
index 9509377a24..cd5476fd6f 100644
--- a/docs/ref/templates/builtins.txt
+++ b/docs/ref/templates/builtins.txt
@@ -1603,7 +1603,7 @@ Escapes a string's HTML. Specifically, it makes these replacements:
* ``<`` is converted to ``&lt;``
* ``>`` is converted to ``&gt;``
-* ``'`` (single quote) is converted to ``&#39;``
+* ``'`` (single quote) is converted to ``&#x27;``
* ``"`` (double quote) is converted to ``&quot;``
* ``&`` is converted to ``&amp;``
diff --git a/docs/ref/templates/language.txt b/docs/ref/templates/language.txt
index 1287f012c2..33687fc49d 100644
--- a/docs/ref/templates/language.txt
+++ b/docs/ref/templates/language.txt
@@ -492,7 +492,7 @@ escaped:
* ``<`` is converted to ``&lt;``
* ``>`` is converted to ``&gt;``
-* ``'`` (single quote) is converted to ``&#39;``
+* ``'`` (single quote) is converted to ``&#x27;``
* ``"`` (double quote) is converted to ``&quot;``
* ``&`` is converted to ``&amp;``
diff --git a/docs/ref/utils.txt b/docs/ref/utils.txt
index 5f03dc66e4..b36282048f 100644
--- a/docs/ref/utils.txt
+++ b/docs/ref/utils.txt
@@ -584,6 +584,11 @@ escaping HTML.
for use in HTML. The input is first coerced to a string and the output has
:func:`~django.utils.safestring.mark_safe` applied.
+ .. versionchanged:: 3.0
+
+ In older versions, ``'`` is converted to its decimal code ``&#39;``
+ instead of the equivalent hex code ``&#x27;``.
+
.. function:: conditional_escape(text)
Similar to ``escape()``, except that it doesn't operate on pre-escaped
diff --git a/docs/releases/3.0.txt b/docs/releases/3.0.txt
index b279f9a451..2ee02206a1 100644
--- a/docs/releases/3.0.txt
+++ b/docs/releases/3.0.txt
@@ -348,6 +348,10 @@ Miscellaneous
the session and :func:`django.contrib.auth.logout` no longer preserves the
session's language after logout.
+* :func:`django.utils.html.escape` now uses :func:`html.escape` to escape HTML.
+ This converts ``'`` to ``&#x27;`` instead of the previous equivalent decimal
+ code ``&#39;``.
+
.. _deprecated-features-3.0:
Features deprecated in 3.0