| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2025-03-06 | [5.2.x] Fixed CVE-2025-26699 -- Mitigated potential DoS in wordwrap template ↵ | Sarah Boyce | |
| filter. Thanks sw0rd1ight for the report. Backport of 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b from main. | |||
| 2025-02-13 | [5.2.x] Fixed #36182 -- Returned "?" if all parameters are removed in ↵ | Sarah Boyce | |
| querystring template tag. Thank you to David Feeley for the report and Natalia Bidart for the review. Backport of 05002c153c5018e4429a326a6699c7c45e5ea957 from main. | |||
| 2025-01-23 | [5.2.x] Fixed #36013 -- Removed use of IDNA-2003 in django.utils.html. | Mike Edmunds | |
| Removed obsolete and potentially problematic IDNA 2003 ("punycode") encoding of international domain names in smart_urlquote() and Urlizer, which are used (only) by AdminURLFieldWidget and the urlize/urlizetrunc template filters. Changed to use percent-encoded UTF-8, which defers IDNA details to the browser (like other URLs rendered by Django). Backport of 29ba75e6e57414f0e6f9528d08a520b8b931fb28 from main. | |||
| 2025-01-14 | Fixed #35998 -- Added caching to django.utils.html.urlize(). | Sarah Boyce | |
| 2024-12-06 | Fixed #35493 -- Allowed template self-inclusion with relative paths. | Gabriel Nick Pivovarov | |
| Co-authored-by: Brock <bsmick97@gmail.com> | |||
| 2024-11-29 | Refs #10941 -- Added tests in querystring template tag. | Natalia | |
| These extra tests assert over the handling of empty params (None, empty dict, empty QueryDict), and also for dicts having non-string keys. | |||
| 2024-11-29 | Refs #10941 -- Added helper and refactored tests for querystring template tag. | Natalia | |
| Thank you Sarah Boyce for the review and suggestions. | |||
| 2024-11-28 | Fixed #35897 -- Removed unnecessary escaping in template's get_exception_info(). | Klaas van Schelven | |
| 2024-11-19 | Fixed #35535 -- Added template tag decorator simple_block_tag(). | Jake Howard | |
| Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2024-11-18 | Refs #35844 -- Fixed copying BaseContext and its subclasses on Python 3.14+. | Mariusz Felisiak | |
| super objects are copyable on Python 3.14+: https://github.com/python/cpython/commit/5ca4e34bc1aab8321911aac6d5b2b9e75ff764d8 and can no longer be used in BaseContext.__copy__(). | |||
| 2024-10-10 | Fixed #35789 -- Improved the error message raised when the tag must be first ↵ | ekinertac | |
| in the template. | |||
| 2024-09-17 | Fixed #35735 -- Enabled template access to methods and properties of classes ↵ | Fabian Braun | |
| with __class_get_item__. | |||
| 2024-09-16 | Improved TokenType.COMMENT test by using correct block syntax in template tests. | Lily Foote | |
| 2024-09-03 | Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc ↵ | Sarah Boyce | |
| template filters. Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. | |||
| 2024-08-08 | Fixed #35661 -- Fixed test_too_many_digits_to_rander() test crash on PyPy. | Mariusz Felisiak | |
| Thanks Michał Górny for the report. | |||
| 2024-08-06 | Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat. | Sarah Boyce | |
| Thanks Elias Myllymäki for the report. Co-authored-by: Shai Berger <shai@platonix.com> | |||
| 2024-07-25 | Added dedicated test for invalid inputs in floatformat template filter tests. | nessita | |
| Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2024-07-16 | Refs #10941 -- Renamed test file test_query_string.py to test_querystring.py. | nessita | |
| This follows previous renames made in 27043bde5b795eb4a605aeca1d3bc4345d2ca478. | |||
| 2024-07-15 | Refs #10941 -- Renamed query_string template tag to querystring. | Sarah Boyce | |
| 2024-07-10 | Improved test coverage of urlize. | Sarah Boyce | |
| 2024-06-13 | Fixed #35417 -- Updated BaseContext.new() with values to create a context ↵ | George Y. Kussumoto | |
| that can be flattened. | |||
| 2024-04-24 | Fixed #35395 -- slice filter crashes on an empty dict with Python 3.12. | Tim Richardson | |
| Keep consistent behaviour of slice() filter between python 3.12 and prior versions in the case of a dict passed to the filter (catch the new to python 3.12 KeyError exception). | |||
| 2024-02-07 | Fixed #30686 -- Used Python HTMLParser in utils.text.Truncator. | David Smith | |
| 2024-02-07 | Refs #30686 -- Fixed text truncation for negative or zero lengths. | David Smith | |
| 2024-02-06 | Refs #30686 -- Improved test coverage of Truncator. | David Smith | |
| 2024-01-29 | Refs #35141 -- Corrected value of CACHE_MIDDLEWARE_SECONDS in ↵ | Alexander Lazarević | |
| CacheMiddlewareTest tests. | |||
| 2024-01-26 | Applied Black's 2024 stable style. | Mariusz Felisiak | |
| https://github.com/psf/black/releases/tag/24.1.0 | |||
| 2023-12-31 | Used addCleanup() in tests where appropriate. | Mariusz Felisiak | |
| 2023-10-26 | Fixed #10941 -- Added {% query_string %} template tag. | Tom Carrick | |
| 2023-10-02 | Fixed #34883 -- Allowed template tags to set extra data on templates. | Carlton Gibson | |
| By setting a value in the `parser.extra_data` mapping, template tags pass additional data out of the parsing context. Any extra data set is exposed on the template via the matching `.extra_data` attribute. Library authors should use a key to namespace extra data. The 'django' namespace is reserved for internal use. | |||
| 2023-09-29 | Refs #15667 -- Added resetting default renderer when FORM_RENDERER is changed. | Mariusz Felisiak | |
| 2023-09-29 | Fixed #34878 -- Fixed autoreloader crash when FORM_RENDERER is set to ↵ | Dan Jacob | |
| TemplatesSetting. Regression in 439242c5943e16dd5a3a68fadac76e5e723eb323. | |||
| 2023-09-18 | Refs #33864 -- Removed length_is template filter per deprecation timeline. | Mariusz Felisiak | |
| 2023-08-22 | Removed unnecessary trailing commas in tests. | konsti | |
| 2023-08-09 | Fixed #34692 -- Made autoreloader reset cached template loader for default ↵ | priyank.panchal | |
| renderer. | |||
| 2023-07-12 | Refs #30116 -- Simplified tests related with dictionary order. | Mariusz Felisiak | |
| Dicts preserve order since Python 3.6. | |||
| 2023-05-22 | Fixed #34577 -- Added escapeseq template filter. | Arthur Moreira | |
| 2023-05-19 | Fixed #34578 -- Made "join" template filter respect autoescape for joiner. | rajeeshp | |
| 2023-04-26 | Fixed #34518 -- Fixed crash of random() template filter with an empty list. | David Sanders | |
| 2023-03-29 | Fixed #34427 -- Improved error message when context processor does not ↵ | David Sanders | |
| return a dict. | |||
| 2023-03-20 | Fixed some typos in comments, docstrings, and tests. | Liyang Zhang | |
| 2023-02-22 | Fixed #34363 -- Fixed floatformat crash on zero with trailing zeros. | Panagiotis H.M. Issaris | |
| Regression in 08c5a787262c1ae57f6517d4574b54a5fcaad124. Follow up to 4b066bde692078b194709d517b27e55defae787c. | |||
| 2023-02-01 | Refs #33476 -- Applied Black's 2023 stable style. | David Smith | |
| Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0 | |||
| 2023-01-19 | Fixed #34272 -- Fixed floatformat crash on zero with trailing zeros to zero ↵ | David Wobrock | |
| decimal places. Regression in 08c5a787262c1ae57f6517d4574b54a5fcaad124. Thanks Andrii Lahuta for the report. | |||
| 2023-01-04 | Fixed #33879 -- Improved timesince handling of long intervals. | GianpaoloBranca | |
| 2022-11-04 | Fixed #27654 -- Propagated alters_data attribute to callables overridden in ↵ | LightDiscord | |
| subclasses. Thanks Shai Berger and Adam Johnson for reviews and the implementation idea. | |||
| 2022-10-24 | Fixed #34098 -- Fixed loss of precision for Decimal values in floatformat ↵ | Vlastimil Zíma | |
| filter. Regression in 12f7928f5a455e330c0a7f19bc86b37baca12811. | |||
| 2022-07-23 | Fixed #33864 -- Deprecated length_is template filter. | Nick Pope | |
| 2022-07-14 | Fixed #33631 -- Marked {% blocktranslate asvar %} result as HTML safe. | cheng | |
| 2022-05-31 | Fixed #33748 -- Fixed date template filter crash with lazy format. | Claude Paroz | |
| Regression in 659d2421c7adbbcd205604002d521d82d6b0b465. | |||
