authorTim Graham <timograham@gmail.com>2015-03-04 08:11:25 -0500
committerTim Graham <timograham@gmail.com>2015-03-18 19:23:21 -0400
commit5447709a571cd5d95971f1d5d21d4a7edcf85bbd (patch)
tree98d1e20ddeefe436a1b1312671eeb8d9606d7e63 /django/utils/html.py
parent5a8ef2a3cf0c370e35c0b891ab97f3a17ac255d4 (diff)
[1.8.x] Fixed an infinite loop possibility in strip_tags().
This is a security fix; disclosure to follow shortly.
Diffstat (limited to 'django/utils/html.py')
-rw-r--r--django/utils/html.py6
1 files changed, 4 insertions, 2 deletions
diff --git a/django/utils/html.py b/django/utils/html.py
index 66cbcee8f3..4197dc9e23 100644
--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -183,8 +183,10 @@ def strip_tags(value):
# is redundant, but helps to reduce number of executions of _strip_once.
while '<' in value and '>' in value:
new_value = _strip_once(value)
- if new_value == value:
- # _strip_once was not able to detect more tags
+ if len(new_value) >= len(value):
+ # _strip_once was not able to detect more tags or length increased
+ # due to http://bugs.python.org/issue20288
+ # (affects Python 2 < 2.7.7 and Python 3 < 3.3.5)
break
value = new_value
return value
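Review bot: The new `>=` comparison changes the loop's exit condition into a termination guarantee that the comment does not state, and the early-exit path now returns a value that is not a fixpoint of `_strip_once`. Because `value` is only replaced when `new_value` is strictly shorter, every iteration shrinks the string, so the loop runs at most `len(value)` passes; worth saying so in a comment such as `# Each iteration must strictly shrink the value, so the loop terminates in at most len(value) passes.`. On the length-increase break, `value = new_value` is skipped and the function returns the previous, only partially stripped string, which may still contain `<`/`>` text; a short note on the break, e.g. `# Returns the last value that shrank; it may still contain tag-like text.`, would make clear to callers that the result is best-effort rather than guaranteed tag-free. The `def strip_tags(value)` header and the first lines of its body are outside the hunk, so the docstring where this belongs is not visible here.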