summaryrefslogtreecommitdiff
path: root/django/utils/html.py
AgeCommit message (Collapse)Author
2018-10-12Simplified django.utils.html.urlize().Tim Graham
2018-10-12Refs #29826 -- Removed unused characters from urlize configuration.Tim Graham
The HTML characters are unused because urlize is meant to be applied to plain text and these characters aren't properly detected (refs #29826). Angle brackets and quotes are present in word_split_re and therefore won't be used in WRAPPING_PUNCTUATION.
2018-09-28Refs #28909 -- Simplifed code using unpacking generalizations.Sergey Fedoseev
2018-09-26Refs #29784 -- Switched to https:// links where available.Jon Dufresne
2018-08-21Fixed #29654 -- Made text truncation an ellipsis character instead of three ↵Claude Paroz
dots. Thanks Sudhanshu Mishra for the initial patch and Tim Graham for the review.
2018-03-06Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and ↵Tim Graham
urlizetrunc template filters. Thanks Florian Apolloner for assisting with the patch.
2018-02-09Refs #27795 -- Replaced force_text() calls with str() in django.utils.html.Jon Dufresne
2018-02-07Fixed #17419 -- Added json_tag template filter.Jonas Haag
2018-01-21Fixed #29038 -- Removed closing slash from HTML void tags.Jon Dufresne
2017-12-07Refs #23919 -- Replaced super() calls for old-style classes.Nick Pope
2017-10-13Improved performance of utils.html.escape().Tom
2017-09-25Fixed #27857 -- Dropped support for Python 3.4.Tim Graham
2017-04-27Refs #27795 -- Replaced many force_text() with str()Claude Paroz
Thanks Tim Graham for the review.
2017-03-04Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals.Tim Graham
2017-02-11Refs #27656 -- Updated django.utils docstring verbs according to PEP 257.Anton Samarchyan
2017-02-02Fixed #27803 -- Kept safe status of lazy safe strings in conditional_escapeClaude Paroz
2017-01-21Refs #23919 -- Removed misc references to Python 2.Tim Graham
2017-01-20Refs #23919 -- Removed unneeded str() callsClaude Paroz
2017-01-20Refs #23919 -- Removed unneeded force_str callsClaude Paroz
2017-01-18Refs #23919 -- Removed most of remaining six usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed six.<various>_types usageClaude Paroz
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18Refs #23919 -- Removed six.PY2/PY3 usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-11-14Fixed E305 flake8 warnings.Ramin Farajpour Cami
2016-09-23Removed unused regexes from django.utils.html.Jon Dufresne
Last uses removed in commit 8b81dee60c1533e714a310fa5c3907356042a64c.
2016-09-17Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.Tim Graham
http://bugs.python.org/issue27364
2016-04-08Fixed E128 flake8 warnings in django/.Tim Graham
2016-02-15Fixed #26193 -- Made urlize() trim multiple trailing punctuation.Jon Dufresne
2015-12-12Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().Iacopo Spalletti
Thanks to bmispelon and uruz for the initial patch.
2015-09-23Refs #23269 -- Removed the removetags template tag and related functions per ↵Tim Graham
deprecation timeline.
2015-08-31Fixed #25331 -- Removed trailing blank lines in docstrings.Maxime Lorant
2015-06-24Renamed RemovedInDjangoXYWarnings for new roadmap.Tim Graham
Forwardport of ae1d663b7913f6da233c55409c4973248372d302 from stable/1.8.x plus more.
2015-06-15Fixed flake8 warnings on Python 3.Tim Graham
2015-03-27Fixed #24469 -- Refined escaping of Django's form elements in non-Django ↵Moritz Sichert
templates.
2015-03-18Fixed an infinite loop possibility in strip_tags().Tim Graham
This is a security fix; disclosure to follow shortly.
2015-03-10Fixed #24471 -- Enhanced urlize regex to exclude quotes and angle brackets.Tim Graham
2015-03-10Fixed escaping regression in urlize filter.Tim Graham
Now that the URL is always unescaped as of refs #22267, we should re-escape it before inserting it into the anchor.
2015-03-06Fixed urlize regression with entities in query stringsClaude Paroz
Refs #22267. Thanks Shai Berger for spotting the issue and Tim Graham for the initial patch.
2015-02-06Sorted imports with isort; refs #23860.Tim Graham
2015-01-17Removed compatibility with Python 3.2.Tim Graham
2014-12-27Fixed #23831 -- Supported strings escaped by third-party libs in Django.Aymeric Augustin
Refs #7261 -- Made strings escaped by Django usable in third-party libs. The changes in mark_safe and mark_for_escaping are straightforward. The more tricky part is to handle correctly objects that implement __html__. Historically escape() has escaped SafeData. Even if that doesn't seem a good behavior, changing it would create security concerns. Therefore support for __html__() was only added to conditional_escape() where this concern doesn't exist. Then using conditional_escape() instead of escape() in the Django template engine makes it understand data escaped by other libraries. Template filter |escape accounts for __html__() when it's available. |force_escape forces the use of Django's HTML escaping implementation. Here's why the change in render_value_in_context() is safe. Before Django 1.7 conditional_escape() was implemented as follows: if isinstance(text, SafeData): return text else: return escape(text) render_value_in_context() never called escape() on SafeData. Therefore replacing escape() with conditional_escape() doesn't change the autoescaping logic as it was originally intended. This change should be backported to Django 1.7 because it corrects a feature added in Django 1.7. Thanks mitsuhiko for the report.
2014-12-08Fixed #23968 -- Replaced list comprehension with generators and dict ↵Jon Dufresne
comprehension
2014-12-03Removed redundant numbered parameters from str.format().Berker Peksag
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-10-31Fixed #23715 -- Prevented urlize from treating a trailing ! as part of an URLMarkus Holtermann
Thanks to 57even for the report.
2014-10-20Fixed #20221 -- Allowed some functions that use mark_safe() to result in ↵Jon Dufresne
SafeText. Thanks Baptiste Mispelon for the report.
2014-09-09Fixed flake8 warnings.Tim Graham
2014-09-09Fixed urlize after smart_urlquote rewriteClaude Paroz
Refs #22267.
2014-09-09Fixed #22267 -- Fixed unquote/quote in smart_urlquoteClaude Paroz
Thanks Md. Enzam Hossain for the report and initial patch, and Tim Graham for the review.
2014-09-05Limited lines to 119 characters in django/Tim Graham
refs #23395.
2014-08-15Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter.Tim Graham
Also the unused, undocumented django.utils.html.strip_entities() function.