Refs #36769 -- Raised SuspiciousOperation for unexpected nested tags in XML Deserializer.

Thanks Shai Berger and Natalia Bidart for reviews.
author: Jacob Walls <jacobtylerwalls@gmail.com> 2026-01-07 16:23:48 -0500
committer: Jacob Walls <jacobtylerwalls@gmail.com> 2026-01-12 16:38:32 -0500
commit: 73c5e94521c5b97e27cd2fe2d5b5c2e65f402755 (patch)
tree: 03a799e0dfdac608e9ba5c95c5186bc31d851754 /docs/topics
parent: a25158f5cc590f3dff4226c3a48257481e6e67a6 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/docs/topics/serialization.txt b/docs/topics/serialization.txt
index f801df0561..1a129072e0 100644
--- a/docs/topics/serialization.txt
+++ b/docs/topics/serialization.txt
@@ -198,7 +198,8 @@ lowercase name of the model ("session") separated by a dot.
 
 Each field of the object is serialized as a ``<field>``-element sporting the
 fields "type" and "name". The text content of the element represents the value
-that should be stored.
+that should be stored. (If the element contains child tags,
+:exc:`~django.core.exceptions.SuspiciousOperation` is raised.)
 
 Foreign keys and other relational fields are treated a little bit differently:
 
@@ -237,6 +238,11 @@ This example links the given user with the permission models with PKs 46 and
     XHTML, XML and Control Codes
     <https://www.w3.org/International/questions/qa-controls>`_.
 
+.. versionchanged:: 6.1
+
+    :exc:`~django.core.exceptions.SuspiciousOperation` is raised when
+    unexpected nested tags are found.
+
 .. _serialization-formats-json:
 
 JSON
author	Jacob Walls <jacobtylerwalls@gmail.com>	2026-01-07 16:23:48 -0500
committer	Jacob Walls <jacobtylerwalls@gmail.com>	2026-01-12 16:38:32 -0500
commit	73c5e94521c5b97e27cd2fe2d5b5c2e65f402755 (patch)
tree	03a799e0dfdac608e9ba5c95c5186bc31d851754 /docs/topics
parent	a25158f5cc590f3dff4226c3a48257481e6e67a6 (diff)