authorTim Graham <timograham@gmail.com>2015-03-04 08:11:25 -0500
committerTim Graham <timograham@gmail.com>2015-03-18 19:20:07 -0400
commit1c83fc88d6928a5ab53bc3dde79dad3cc0bfcfdc (patch)
tree52ec44eb415d44afa13231d66de6a5e4d8353894 /django/utils/html.py
parent9ddfe9b301d59c80808a7dca57138f90751176f1 (diff)
Fixed an infinite loop possibility in strip_tags().
This is a security fix; disclosure to follow shortly.
Diffstat (limited to 'django/utils/html.py')
-rw-r--r--django/utils/html.py6
1 files changed, 4 insertions, 2 deletions
diff --git a/django/utils/html.py b/django/utils/html.py
index 9f9fbdb2a5..1cf131b8a0 100644
--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -175,8 +175,10 @@ def strip_tags(value):
# is redundant, but helps to reduce number of executions of _strip_once.
while '<' in value and '>' in value:
new_value = _strip_once(value)
- if new_value == value:
- # _strip_once was not able to detect more tags
+ if len(new_value) >= len(value):
+ # _strip_once was not able to detect more tags or length increased
+ # due to http://bugs.python.org/issue20288
+ # (affects Python 2 < 2.7.7 and Python 3 < 3.3.5)
break
value = new_value
return value
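Review bot: The new guard makes termination rest on a strict length decrease per pass, but the comment only cites the Python bug, so I would state the invariant it actually relies on: `# Stop unless this pass strictly shortened the value: that bounds the loop to len(value) passes regardless of how _strip_once behaves (see also http://bugs.python.org/issue20288).` A pass that changes the string without shortening it (if _strip_once can do that) now ends the loop with content left unstripped, which is fine only because strip_tags is not a safety guarantee, and that is worth saying in the function's docstring. Each pass still rescans the whole value, so worst-case work is roughly quadratic in the input length and callers feeding unbounded untrusted input may still want a size cap. The body of strip_tags begins before the hunk and _strip_once is not visible here.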