diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/internals/deprecation.txt | 3 | ||||
| -rw-r--r-- | docs/ref/templates/builtins.txt | 3 | ||||
| -rw-r--r-- | docs/releases/1.7.txt | 13 |
3 files changed, 19 insertions, 0 deletions
diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt index f64cc53d25..36bc2ee533 100644 --- a/docs/internals/deprecation.txt +++ b/docs/internals/deprecation.txt @@ -209,6 +209,9 @@ details on these changes. (``django.contrib.gis.sitemaps.views.index`` and ``django.contrib.gis.sitemaps.views.sitemap``). +* ``django.utils.html.fix_ampersands``, the ``fix_ampersands`` template filter and + ``django.utils.html.clean_html`` will be removed following an accelerated deprecation. + .. _deprecation-removed-in-1.7: 1.7 diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt index a5d4c7c26e..bb02187727 100644 --- a/docs/ref/templates/builtins.txt +++ b/docs/ref/templates/builtins.txt @@ -1582,6 +1582,9 @@ fix_ampersands This is rarely useful as ampersands are automatically escaped. See :tfilter:`escape` for more information. +.. deprecated:: 1.7 + This filter has been deprecated and will be removed in Django 1.8. + Replaces ampersands with ``&`` entities. For example:: diff --git a/docs/releases/1.7.txt b/docs/releases/1.7.txt index 98b336f630..882fa69dee 100644 --- a/docs/releases/1.7.txt +++ b/docs/releases/1.7.txt @@ -1406,3 +1406,16 @@ strings, you should use ``django.utils.html.escapejs`` or the :tfilter:`escapejs` template filter. If all you need is to generate valid javascript strings, you can simply use ``json.dumps()``. + +``fix_ampersands`` utils method and template filter +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The ``django.utils.html.fix_ampersands`` method and the :tfilter:`fix_ampersands` +template filter are deprecated, as the escaping of ampersands is already taken care +of by Django's standard HTML escaping features. Combining this with ``fix_ampersands`` +would either result in double escaping, or, if the output is assumed to be safe, +a risk of introducing XSS vulnerabilities. Along with ``fix_ampersands``, +``django.utils.html.clean_html`` is deprecated, an undocumented function that calls +``fix_ampersands``. +As this is an accelerated deprecation, ``fix_ampersands`` and ``clean_html`` +will be removed in Django 1.8. |
