| Age | Commit message | Author | |
|---|---|---|---|
| 2019-08-01 | Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities. | Florian Apolloner | |
| | Thanks to Guido Vranken for initial report. | | |
| 2019-04-25 | Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape(). | Jon Dufresne | |
| 2019-01-27 | Removed default mode='r' argument from calls to open(). | Jon Dufresne | |
| 2018-11-09 | Fixed #29920 -- Added a test for smart_urlquote()'s UnicodeError branch. | Srinivas Thatiparthy (శ్రీనివాస్ తాటిపర్తి) | |
| 2018-09-26 | Refs #29784 -- Switched to https:// links where available. | Jon Dufresne | |
| 2018-03-06 | Added more tests for django.utils.html.urlize(). | Tim Graham | |
| 2018-03-06 | Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters. | Tim Graham | |
| | Thanks Florian Apolloner for assisting with the patch. | | |
| 2018-02-10 | Added tests for utils.html.urlize() (lazy string inputs were untested). | Tim Graham | |
| 2018-02-07 | Fixed #17419 -- Added json_tag template filter. | Jonas Haag | |
| 2018-01-21 | Fixed #29038 -- Removed closing slash from HTML void tags. | Jon Dufresne | |
| 2017-03-04 | Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals. | Tim Graham | |
| 2017-02-02 | Fixed #27803 -- Kept safe status of lazy safe strings in conditional_escape | Claude Paroz | |
| 2017-02-02 | Refs #27804 -- Used subTest() in tests.utils_tests.test_html. | Tim Graham | |
| 2017-02-02 | Imported specific functions in tests.utils_tests.test_html. | Tim Graham | |
| 2017-01-24 | Removed unneeded force_text calls in the test suite | Claude Paroz | |
| 2017-01-20 | Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage. | Tim Graham | |
| | These functions do nothing on Python 3. | | |
| 2017-01-19 | Refs #23919 -- Stopped inheriting from object to define new style classes. | Simon Charette | |
| 2017-01-18 | Refs #23919 -- Removed six.PY2/PY3 usage | Claude Paroz | |
| | Thanks Tim Graham for the review. | | |
| 2017-01-18 | Refs #23919 -- Removed encoding preambles and future imports | Claude Paroz | |
| 2016-11-10 | Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. | za | |
| 2015-12-12 | Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy(). | Iacopo Spalletti | |
| | Thanks to bmispelon and uruz for the initial patch. | | |
| 2015-09-23 | Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline. | Tim Graham | |
| 2015-09-12 | Fixed #23395 -- Limited line lengths to 119 characters. | Dražen Odobašić | |
| 2015-06-24 | Renamed RemovedInDjangoXYWarnings for new roadmap. | Tim Graham | |
| | Forwardport of ae1d663b7913f6da233c55409c4973248372d302 from stable/1.8.x plus more. | | |
| 2015-03-27 | Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates. | Moritz Sichert | |
| 2015-03-18 | Fixed an infinite loop possibility in strip_tags(). | Tim Graham | |
| | This is a security fix; disclosure to follow shortly. | | |
| 2015-02-06 | Sorted imports with isort; refs #23860. | Tim Graham | |
| 2014-12-30 | Applied ignore_warnings to Django tests | Claude Paroz | |
| 2014-12-03 | Removed redundant numbered parameters from str.format(). | Berker Peksag | |
| | Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}". | | |
| 2014-09-09 | Fixed urlize after smart_urlquote rewrite | Claude Paroz | |
| | Refs #22267. | | |
| 2014-09-09 | Fixed #22267 -- Fixed unquote/quote in smart_urlquote | Claude Paroz | |
| | Thanks Md. Enzam Hossain for the report and initial patch, and Tim Graham for the review. | | |
| 2014-08-15 | Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter. | Tim Graham | |
| | Also the unused, undocumented django.utils.html.strip_entities() function. | | |
| 2014-03-22 | Tweaked strip_tags tests to pass on Python 3.3 | Claude Paroz | |
| 2014-03-22 | Improved strip_tags and clarified documentation | Claude Paroz | |
| | The fact that strip_tags cannot guarantee to really strip all non-safe HTML content was not clear enough. Also see: https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/ | | |
| 2014-03-21 | Removed fix_ampersands template filter per deprecation timeline. | Tim Graham | |
| | Also removed related utility functions: * django.utils.html.fix_ampersands * django.utils.html.clean_html | | |
| 2014-03-08 | Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings | Claude Paroz | |
| | Thanks Anssi Kääriäinen for the idea and Simon Charette for the review. | | |
| 2014-03-01 | Fixed #22130 -- Deprecated fix_ampersands, removed utils.clean_html() | Erik Romijn | |
| 2013-10-26 | Fix all violators of E231 | Alex Gaynor | |
| 2013-10-18 | Fixed #21287 -- Fixed E123 pep8 warnings | Alasdair Nicol | |
| 2013-10-15 | Fixed #7261 -- support for __html__ for library interoperability | Unai Zalakain | |
| | The idea is that if an object implements __html__ which returns a string this is used as HTML representation (eg: on escaping). If the object is a str or unicode subclass and returns itself the object is a safe string type. This is an updated patch based on jbalogh and ivank patches. | | |
| 2013-07-28 | Simplified smart_urlquote and added some basic tests. | Florian Apolloner | |
| 2013-07-01 | Stopped using django.utils.unittest in the test suite. | Aymeric Augustin | |
| | Refs #20680. | | |
| 2013-05-23 | Fixed #19237 (again) - Made strip_tags consistent between Python versions | Claude Paroz | |
| 2013-05-22 | Fixed #19237 -- Used HTML parser to strip tags | Claude Paroz | |
| | The regex method used until now for the strip_tags utility is fast, but subject to flaws and security issues. Consensus and good practice lead us to use a slower but safer method. | | |
| 2013-04-12 | Modified utils_tests for unittest2 discovery. | Preston Timmons | |
