summaryrefslogtreecommitdiff
path: root/django/utils/html.py
AgeCommit message (Collapse)Author
2024-08-06[5.1.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in ↵Mariusz Felisiak
django.utils.html.urlize() and AdminURLFieldWidget. Thanks Seokchan Yoon for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-08-06[5.1.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and ↵Sarah Boyce
urlizetrunc template filters. Thanks to MProgrammer for the report.
2024-07-09[5.1.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and ↵Adam Johnson
urlizetrunc template filters. Thank you to Elias Myllymäki for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-03-14Refs #30686 -- Made django.utils.html.VOID_ELEMENTS a frozenset.Nick Pope
2023-07-14Refs #30686 -- Moved Parser.SELF_CLOSING_TAGS to django.utils.html.VOID_ELEMENTSDavid Smith
2023-06-06Fixed #34609 -- Deprecated calling format_html() without arguments.devilsautumn
2023-01-18Refs #34233 -- Used str.removeprefix()/removesuffix().Mariusz Felisiak
2022-11-10Updated documentation and comments for RFC updates.Nick Pope
- Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents
2022-06-28Fixed #33779 -- Allowed customizing encoder class in ↵Hrushikesh Vaidya
django.utils.html.json_script().
2022-02-21Removed unnecessary str type from @keep_lazy decorator for escape()/escapejs().Mariusz Felisiak
2022-02-10Refs #32568 -- Optimized escape() by using SafeString instead of mark_safe().David
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2021-11-22Fixed #33302 -- Made element_id optional argument for json_script template ↵Baptiste Mispelon
filter. Added versionchanged note in documentation
2021-11-03Refs #33245 -- Minor edits to django.utils.html.urlize() changes.tim-mccurrach
Follow up to ad81b606a2b5276397460a654fc7ad901a54b91e.
2021-11-01Fixed #33245 -- Made django.utils.html.urlize() thread-safe.Timothy McCurrach
Regression in e567670b1abe61af4acfaa6a6a7e92a7acfa8b00.
2021-10-15Fixed #33195 -- Refactored urlize() based on a class.Claude Paroz
This allows easier customization/
2021-10-14Removed unused DOTS list.Claude Paroz
Unused since 4ff389dcdc15884eef059b2b8dea4b710e0a3b98.
2021-07-07Fixed #32866 -- Fixed trimming trailing punctuation from escaped string in ↵Shipeng Feng
urlize().
2019-11-25Removed unused unencoded_ampersands_re regex.Baptiste Mispelon
Unused since 8b81dee60c1533e714a310fa5c3907356042a64c.
2019-10-29Fixed #30899 -- Lazily compiled import time regular expressions.Hasan Ramezani
2019-08-01Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in ↵Florian Apolloner
strip_tags() when handling incomplete HTML entities. Thanks to Guido Vranken for initial report.
2019-07-03Refs #30608 -- Added django.utils.encoding.punycode().Mariusz Felisiak
2019-07-02Fixed typos in comments and docs.Min ho Kim
2019-04-25Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use ↵Jon Dufresne
html.escape()/unescape().
2019-02-06Refs #27753 -- Favored SafeString over SafeText.Tim Graham
2018-10-12Simplified django.utils.html.urlize().Tim Graham
2018-10-12Refs #29826 -- Removed unused characters from urlize configuration.Tim Graham
The HTML characters are unused because urlize is meant to be applied to plain text and these characters aren't properly detected (refs #29826). Angle brackets and quotes are present in word_split_re and therefore won't be used in WRAPPING_PUNCTUATION.
2018-09-28Refs #28909 -- Simplifed code using unpacking generalizations.Sergey Fedoseev
2018-09-26Refs #29784 -- Switched to https:// links where available.Jon Dufresne
2018-08-21Fixed #29654 -- Made text truncation an ellipsis character instead of three ↵Claude Paroz
dots. Thanks Sudhanshu Mishra for the initial patch and Tim Graham for the review.
2018-03-06Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and ↵Tim Graham
urlizetrunc template filters. Thanks Florian Apolloner for assisting with the patch.
2018-02-09Refs #27795 -- Replaced force_text() calls with str() in django.utils.html.Jon Dufresne
2018-02-07Fixed #17419 -- Added json_tag template filter.Jonas Haag
2018-01-21Fixed #29038 -- Removed closing slash from HTML void tags.Jon Dufresne
2017-12-07Refs #23919 -- Replaced super() calls for old-style classes.Nick Pope
2017-10-13Improved performance of utils.html.escape().Tom
2017-09-25Fixed #27857 -- Dropped support for Python 3.4.Tim Graham
2017-04-27Refs #27795 -- Replaced many force_text() with str()Claude Paroz
Thanks Tim Graham for the review.
2017-03-04Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals.Tim Graham
2017-02-11Refs #27656 -- Updated django.utils docstring verbs according to PEP 257.Anton Samarchyan
2017-02-02Fixed #27803 -- Kept safe status of lazy safe strings in conditional_escapeClaude Paroz
2017-01-21Refs #23919 -- Removed misc references to Python 2.Tim Graham
2017-01-20Refs #23919 -- Removed unneeded str() callsClaude Paroz
2017-01-20Refs #23919 -- Removed unneeded force_str callsClaude Paroz
2017-01-18Refs #23919 -- Removed most of remaining six usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed six.<various>_types usageClaude Paroz
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18Refs #23919 -- Removed six.PY2/PY3 usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-11-14Fixed E305 flake8 warnings.Ramin Farajpour Cami
2016-09-23Removed unused regexes from django.utils.html.Jon Dufresne
Last uses removed in commit 8b81dee60c1533e714a310fa5c3907356042a64c.