summaryrefslogtreecommitdiff
path: root/django/utils/text.py
AgeCommit message (Collapse)Author
2025-03-06[5.2.x] Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template ↵Sarah Boyce
filter. Thanks sw0rd1ight for the report. Backport of 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b from main.
2024-02-15Refs #30686 -- Removed unused regexes in django.utils.text.Mariusz Felisiak
Unused since 6ee37ada3241ed263d8d1c2901b030d964cbd161.
2024-02-07Fixed #30686 -- Used Python HTMLParser in utils.text.Truncator.David Smith
2024-02-07Refs #30686 -- Fixed text truncation for negative or zero lengths.David Smith
2023-10-04Fixed CVE-2023-43665 -- Mitigated potential DoS in ↵Natalia
django.utils.text.Truncator when truncating HTML text. Thanks Wenchao Li of Alibaba Group for the report.
2023-07-14Refs #30686 -- Moved add_truncation_text() helper to a module level.David Smith
2022-12-17Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware.Andreas Pelme
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2021-12-30Refs #27753 -- Removed unused django.utils.text._replace_entity() and ↵Mariusz Felisiak
_entity_re. Unused since 157ab32f3446da7fa1f9d716509c290069a2a156.
2021-12-14Fixed unescape_string_literal() crash on empty strings.Florian Apolloner
2021-06-21Fixed #32859 -- Simplified compress_string() by using gzip.compress().Illia Volochii
2021-05-04Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.Florian Apolloner
2021-03-23Optimized django.utils.text.capfirst().Nick Pope
Unconditionally coercing to str type twice is expensive.
2021-01-14Refs #27753 -- Removed django.utils.text.unescape_entities() per deprecation ↵Mariusz Felisiak
timeline.
2020-05-29Fixed #28694 -- Made django.utils.text.slugify() strip dashes and underscores.David Smith
2020-05-29Corrected slugify()'s docstring.David Smith
2020-05-11Refs #30116 -- Simplified regex match group access with Match.__getitem__().Jon Dufresne
The method has been available since Python 3.6. The shorter syntax is also marginally faster.
2019-12-30Fixed #30892 -- Fixed slugify() and admin's URLify.js for "İ".Sjbrgsn
Thanks Luis Nell for the implementation idea and very detailed report. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-10-29Fixed #30899 -- Lazily compiled import time regular expressions.Hasan Ramezani
2019-08-01Removed unneeded ValueError catching in django.utils.text._replace_entity().Jon Dufresne
The html.entities.name2codepoint dict contains only valid Unicode codepoints. Either the key exists and chr() will succeed or the key does not exist.
2019-08-01Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when ↵Florian Apolloner
truncating HTML. Thanks to Guido Vranken for initial report.
2019-05-08Refs #27753 -- Deprecated django.utils.text.unescape_entities().Jon Dufresne
The function was undocumented and only required for compatibility with Python 2. Code should use Python's html.unescape() that was added in Python 3.4.
2018-10-04Simplified utils.text.StreamingBuffer.Sergey Fedoseev
2018-09-25Normalized spelling of "lowercase" and "lowercased".Jon Dufresne
2018-08-21Fixed #29654 -- Made text truncation an ellipsis character instead of three ↵Claude Paroz
dots. Thanks Sudhanshu Mishra for the initial patch and Tim Graham for the review.
2018-07-20Fixed #29412 -- Stopped marking slugify() result as HTML safe.Claude Paroz
2018-03-06Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in ↵Tim Graham
django.utils.text.Truncator. Thanks James Davis for suggesting the fix.
2017-12-04Fixed #28860 -- Removed unnecessary len() calls.Дилян Палаузов
2017-04-27Refs #27795 -- Replaced many force_text() with str()Claude Paroz
Thanks Tim Graham for the review.
2017-04-10Removed duplicate lines in slugify().Jon Dufresne
2017-03-04Refs #27795 -- Removed unneeded force_text callsClaude Paroz
Thanks Tim Graham for the review.
2017-02-11Refs #27656 -- Updated django.utils docstring verbs according to PEP 257.Anton Samarchyan
2017-02-07Converted usage of ugettext* functions to their gettext* aliasesClaude Paroz
Thanks Tim Graham for the review.
2017-01-26Refs #23919, #27778 -- Removed obsolete mentions of unicode.Vytis Banaitis
2017-01-25Refs #23919 -- Replaced super(ClassName, self) with super().chillaranand
2017-01-21Refs #23919 -- Removed re.U and re.UNICODE (default on Python 3).Mariusz Felisiak
2017-01-19Refs #23919 -- Stopped inheriting from object to define new style classes.Simon Charette
2017-01-18Refs #23919 -- Removed most of remaining six usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed six.<various>_types usageClaude Paroz
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18Refs #23919 -- Removed six.PY2/PY3 usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-11-14Fixed E305 flake8 warnings.Ramin Farajpour Cami
2016-11-14Decorated a few functions.Tim Graham
2016-10-14Refs #19705 -- Changed gzip modification times to 0.Kevin Christopher Henry
This makes gzip output deterministic, which allows ConditionalGetMiddleware to reliably compare ETags on gzipped content (views using the gzip_page() decorator in particular).
2016-09-17Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.Tim Graham
http://bugs.python.org/issue27364
2016-08-24Fixed #26866 -- Added format_lazy functionMattias Loverot
Added format_lazy function to django.utils.text module. Useful when dealing with relative complex lazy string concatenations (e.g. in urls.py when translating urls in regular expressions).
2016-08-04Fixed #27020 -- Used a context manager to close files.Ville Skyttä
2016-04-08Fixed E128 flake8 warnings in django/.Tim Graham
2016-01-25Fixed #26125 -- Fixed E731 flake warnings.userimack
2015-12-12Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy().Iacopo Spalletti
Thanks to bmispelon and uruz for the initial patch.