| Age | Commit message | Author | |
|---|---|---|---|
| 2026-03-09 | Fixed #36293 -- Avoided buffering streaming responses in GZipMiddleware. | farhan | |
| This avoids latency and/or blocking. The example of streaming a CSV file was rewritten to employ batching for greater efficiency in all layers (db, HTTP, etc.). The improved performance from batching should outweigh the drag introduced by an additional byte for each flush. Co-authored-by: huoyinghui <huoyinghui@users.noreply.github.com> | |||
| 2026-02-25 | Fixed #36944 -- Removed MAX_LENGTH_HTML and related 5M chars limit references from HTML truncation docs. | Natalia | |
| 2026-02-03 | Fixed CVE-2026-1285 -- Mitigated potential DoS in django.utils.text.Truncator for HTML input. | Natalia | |
| The `TruncateHTMLParser` used `deque.remove()` to remove tags from the stack when processing end tags. With crafted input containing many unmatched end tags, this caused repeated full scans of the tag stack, leading to quadratic time complexity. The fix uses LIFO semantics, only removing a tag from the stack when it matches the most recently opened tag. This avoids linear scans for unmatched end tags and reduces complexity to linear time. Refs #30686 and 6ee37ada3241ed263d8d1c2901b030d964cbd161. Thanks Seokchan Yoon for the report, and Jake Howard and Jacob Walls for reviews. | |||
| 2025-11-07 | Fixed #36705 -- Avoided string concatenation in utils. | Kasyap Pentamaraju | |
| Repeated string concatenation performs poorly on PyPy. Thanks Seokchan Yoon for the report. | |||
| 2025-10-21 | Fixed #36656 -- Avoided truncating async streaming responses in GZipMiddleware. | Adam Johnson | |
| 2025-04-23 | Fixed #36341 -- Preserved whitespaces in wordwrap template filter. | Matti Pohjanvirta | |
| Regression in 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b. This work improves the django.utils.text.wrap() function to ensure that empty lines and lines with whitespace only are kept instead of being dropped. Thanks Matti Pohjanvirta for the report and fix. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2025-03-06 | Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template filter. | Sarah Boyce | |
| Thanks sw0rd1ight for the report. | |||
| 2024-02-15 | Refs #30686 -- Removed unused regexes in django.utils.text. | Mariusz Felisiak | |
| Unused since 6ee37ada3241ed263d8d1c2901b030d964cbd161. | |||
| 2024-02-07 | Fixed #30686 -- Used Python HTMLParser in utils.text.Truncator. | David Smith | |
| 2024-02-07 | Refs #30686 -- Fixed text truncation for negative or zero lengths. | David Smith | |
| 2023-10-04 | Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text. | Natalia | |
| Thanks Wenchao Li of Alibaba Group for the report. | |||
| 2023-07-14 | Refs #30686 -- Moved add_truncation_text() helper to a module level. | David Smith | |
| 2022-12-17 | Fixed #34170 -- Implemented Heal The Breach (HTB) in GzipMiddleware. | Andreas Pelme | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2021-12-30 | Refs #27753 -- Removed unused django.utils.text._replace_entity() and _entity_re. | Mariusz Felisiak | |
| Unused since 157ab32f3446da7fa1f9d716509c290069a2a156. | |||
| 2021-12-14 | Fixed unescape_string_literal() crash on empty strings. | Florian Apolloner | |
| 2021-06-21 | Fixed #32859 -- Simplified compress_string() by using gzip.compress(). | Illia Volochii | |
| 2021-05-04 | Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. | Florian Apolloner | |
| 2021-03-23 | Optimized django.utils.text.capfirst(). | Nick Pope | |
| Unconditionally coercing to str type twice is expensive. | |||
| 2021-01-14 | Refs #27753 -- Removed django.utils.text.unescape_entities() per deprecation timeline. | Mariusz Felisiak | |
| 2020-05-29 | Fixed #28694 -- Made django.utils.text.slugify() strip dashes and underscores. | David Smith | |
| 2020-05-29 | Corrected slugify()'s docstring. | David Smith | |
| 2020-05-11 | Refs #30116 -- Simplified regex match group access with Match.__getitem__(). | Jon Dufresne | |
| The method has been available since Python 3.6. The shorter syntax is also marginally faster. | |||
| 2019-12-30 | Fixed #30892 -- Fixed slugify() and admin's URLify.js for "İ". | Sjbrgsn | |
| Thanks Luis Nell for the implementation idea and very detailed report. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2019-10-29 | Fixed #30899 -- Lazily compiled import time regular expressions. | Hasan Ramezani | |
| 2019-08-01 | Removed unneeded ValueError catching in django.utils.text._replace_entity(). | Jon Dufresne | |
| The html.entities.name2codepoint dict contains only valid Unicode codepoints. Either the key exists and chr() will succeed or the key does not exist. | |||
| 2019-08-01 | Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues when truncating HTML. | Florian Apolloner | |
| Thanks to Guido Vranken for initial report. | |||
| 2019-05-08 | Refs #27753 -- Deprecated django.utils.text.unescape_entities(). | Jon Dufresne | |
| The function was undocumented and only required for compatibility with Python 2. Code should use Python's html.unescape() that was added in Python 3.4. | |||
| 2018-10-04 | Simplified utils.text.StreamingBuffer. | Sergey Fedoseev | |
| 2018-09-25 | Normalized spelling of "lowercase" and "lowercased". | Jon Dufresne | |
| 2018-08-21 | Fixed #29654 -- Made text truncation an ellipsis character instead of three dots. | Claude Paroz | |
| Thanks Sudhanshu Mishra for the initial patch and Tim Graham for the review. | |||
| 2018-07-20 | Fixed #29412 -- Stopped marking slugify() result as HTML safe. | Claude Paroz | |
| 2018-03-06 | Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator. | Tim Graham | |
| Thanks James Davis for suggesting the fix. | |||
| 2017-12-04 | Fixed #28860 -- Removed unnecessary len() calls. | Дилян Палаузов | |
| 2017-04-27 | Refs #27795 -- Replaced many force_text() with str() | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-04-10 | Removed duplicate lines in slugify(). | Jon Dufresne | |
| 2017-03-04 | Refs #27795 -- Removed unneeded force_text calls | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-02-11 | Refs #27656 -- Updated django.utils docstring verbs according to PEP 257. | Anton Samarchyan | |
| 2017-02-07 | Converted usage of ugettext* functions to their gettext* aliases | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-01-26 | Refs #23919, #27778 -- Removed obsolete mentions of unicode. | Vytis Banaitis | |
| 2017-01-25 | Refs #23919 -- Replaced super(ClassName, self) with super(). | chillaranand | |
| 2017-01-21 | Refs #23919 -- Removed re.U and re.UNICODE (default on Python 3). | Mariusz Felisiak | |
| 2017-01-19 | Refs #23919 -- Stopped inheriting from object to define new style classes. | Simon Charette | |
| 2017-01-18 | Refs #23919 -- Removed most of remaining six usage | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-01-18 | Refs #23919 -- Removed six.<various>_types usage | Claude Paroz | |
| Thanks Tim Graham and Simon Charette for the reviews. | |||
| 2017-01-18 | Refs #23919 -- Removed six.PY2/PY3 usage | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-01-18 | Refs #23919 -- Removed encoding preambles and future imports | Claude Paroz | |
| 2016-11-14 | Fixed E305 flake8 warnings. | Ramin Farajpour Cami | |
| 2016-11-14 | Decorated a few functions. | Tim Graham | |
| 2016-10-14 | Refs #19705 -- Changed gzip modification times to 0. | Kevin Christopher Henry | |
| This makes gzip output deterministic, which allows ConditionalGetMiddleware to reliably compare ETags on gzipped content (views using the gzip_page() decorator in particular). | |||
