Improved strip_tags and clarified documentation

The fact that strip_tags cannot guarantee to really strip all non-safe HTML content was not clear enough. Also see: https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/
author: Claude Paroz <claude@2xlibre.net> 2014-03-20 16:50:50 +0100
committer: Claude Paroz <claude@2xlibre.net> 2014-03-22 10:59:18 +0100
commit: 6ca6c36f82b97eafeada61384b2e2f1d0587da86 (patch)
tree: f0fd507b152148ac683d539c6d23ca9821ac1124 /tests/utils_tests/test_html.py
parent: aaa21102592e96c543d60513755d6c81f639f122 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index b4e61b9fd6..70de3a078e 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -80,6 +80,8 @@ class TestUtilsHtml(TestCase):
             ('a<p a >b</p>c', 'abc'),
             ('d<a:b c:d>e</p>f', 'def'),
             ('<strong>foo</strong><a href="http://example.com">bar</a>', 'foobar'),
+            ('<sc<!-- -->ript>test<<!-- -->/script>', 'test'),
+            ('<script>alert()</script>&h', 'alert()&h'),
         )
         for value, output in items:
             self.check_output(f, value, output)
author	Claude Paroz <claude@2xlibre.net>	2014-03-20 16:50:50 +0100
committer	Claude Paroz <claude@2xlibre.net>	2014-03-22 10:59:18 +0100
commit	6ca6c36f82b97eafeada61384b2e2f1d0587da86 (patch)
tree	f0fd507b152148ac683d539c6d23ca9821ac1124 /tests/utils_tests/test_html.py
parent	aaa21102592e96c543d60513755d6c81f639f122 (diff)