| Age | Commit message | Author | |
|---|---|---|---|
| 2016-11-14 | Fixed E305 flake8 warnings. | Ramin Farajpour Cami | |
| 2016-09-23 | Removed unused regexes from django.utils.html. | Jon Dufresne | |
| Last uses removed in commit 8b81dee60c1533e714a310fa5c3907356042a64c. | |||
| 2016-09-17 | Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6. | Tim Graham | |
| http://bugs.python.org/issue27364 | |||
| 2016-04-08 | Fixed E128 flake8 warnings in django/. | Tim Graham | |
| 2016-02-15 | Fixed #26193 -- Made urlize() trim multiple trailing punctuation. | Jon Dufresne | |
| 2015-12-12 | Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy(). | Iacopo Spalletti | |
| Thanks to bmispelon and uruz for the initial patch. | |||
| 2015-09-23 | Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline. | Tim Graham | |
| 2015-08-31 | Fixed #25331 -- Removed trailing blank lines in docstrings. | Maxime Lorant | |
| 2015-06-24 | Renamed RemovedInDjangoXYWarnings for new roadmap. | Tim Graham | |
| Forwardport of ae1d663b7913f6da233c55409c4973248372d302 from stable/1.8.x plus more. | |||
| 2015-06-15 | Fixed flake8 warnings on Python 3. | Tim Graham | |
| 2015-03-27 | Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates. | Moritz Sichert | |
| 2015-03-18 | Fixed an infinite loop possibility in strip_tags(). | Tim Graham | |
| This is a security fix; disclosure to follow shortly. | |||
| 2015-03-10 | Fixed #24471 -- Enhanced urlize regex to exclude quotes and angle brackets. | Tim Graham | |
| 2015-03-10 | Fixed escaping regression in urlize filter. | Tim Graham | |
| Now that the URL is always unescaped as of refs #22267, we should re-escape it before inserting it into the anchor. | |||
| 2015-03-06 | Fixed urlize regression with entities in query strings | Claude Paroz | |
| Refs #22267. Thanks Shai Berger for spotting the issue and Tim Graham for the initial patch. | |||
| 2015-02-06 | Sorted imports with isort; refs #23860. | Tim Graham | |
| 2015-01-17 | Removed compatibility with Python 3.2. | Tim Graham | |
| 2014-12-27 | Fixed #23831 -- Supported strings escaped by third-party libs in Django. | Aymeric Augustin | |
| Refs #7261 -- Made strings escaped by Django usable in third-party libs. The changes in mark_safe and mark_for_escaping are straightforward. The more tricky part is to handle correctly objects that implement __html__. Historically escape() has escaped SafeData. Even if that doesn't seem a good behavior, changing it would create security concerns. Therefore support for __html__() was only added to conditional_escape() where this concern doesn't exist. Then using conditional_escape() instead of escape() in the Django template engine makes it understand data escaped by other libraries. Template filter \|escape accounts for __html__() when it's available. \|force_escape forces the use of Django's HTML escaping implementation. Here's why the change in render_value_in_context() is safe. Before Django 1.7 conditional_escape() was implemented as follows: if isinstance(text, SafeData): return text else: return escape(text) render_value_in_context() never called escape() on SafeData. Therefore replacing escape() with conditional_escape() doesn't change the autoescaping logic as it was originally intended. This change should be backported to Django 1.7 because it corrects a feature added in Django 1.7. Thanks mitsuhiko for the report. | |||
| 2014-12-08 | Fixed #23968 -- Replaced list comprehension with generators and dict comprehension | Jon Dufresne | |
| 2014-12-03 | Removed redundant numbered parameters from str.format(). | Berker Peksag | |
| Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}". | |||
| 2014-10-31 | Fixed #23715 -- Prevented urlize from treating a trailing ! as part of a URL | Markus Holtermann | |
| Thanks to 57even for the report. | |||
| 2014-10-20 | Fixed #20221 -- Allowed some functions that use mark_safe() to result in SafeText. | Jon Dufresne | |
| Thanks Baptiste Mispelon for the report. | |||
| 2014-09-09 | Fixed flake8 warnings. | Tim Graham | |
| 2014-09-09 | Fixed urlize after smart_urlquote rewrite | Claude Paroz | |
| Refs #22267. | |||
| 2014-09-09 | Fixed #22267 -- Fixed unquote/quote in smart_urlquote | Claude Paroz | |
| Thanks Md. Enzam Hossain for the report and initial patch, and Tim Graham for the review. | |||
| 2014-09-05 | Limited lines to 119 characters in django/ | Tim Graham | |
| refs #23395. | |||
| 2014-08-15 | Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter. | Tim Graham | |
| Also the unused, undocumented django.utils.html.strip_entities() function. | |||
| 2014-07-09 | Fixed #22223 -- Prevented over-escaping URLs in reverse() | Claude Paroz | |
| And follow more closely the class of characters defined in the RFC 3986. Thanks Erik van Zijst for the report and the initial patch, and Tim Graham for the review. | |||
| 2014-07-04 | Updated urlize regex following a93ee5112d4 | LarryBrid | |
| Prevent urlize from turning some.organization, an.intern etc. into urls. Refs #22941. | |||
| 2014-07-02 | Fixed #22941 - Added support for domain-only links with chars after the TLD to urlize. | LarryBrid | |
| It now works with something like google.com/foo/bar | |||
| 2014-04-03 | Refactored and commented strip_tags utility | Tomasz Wysocki | |
| 2014-03-30 | Corrected many style guide violations that the newest version of flake8 catches | Alex Gaynor | |
| 2014-03-27 | Fixed a deprecation warning with the HTMLParser safe argument. | Tim Graham | |
| refs 6ca6c36f82b97eafeada61384b2e2f1d0587da86 | |||
| 2014-03-22 | Removed an unused variable. | Alex Gaynor | |
| 2014-03-22 | Improved strip_tags and clarified documentation | Claude Paroz | |
| The fact that strip_tags cannot guarantee to really strip all non-safe HTML content was not clear enough. Also see: https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/ | |||
| 2014-03-21 | Removed fix_ampersands template filter per deprecation timeline. | Tim Graham | |
| Also removed related utility functions: * django.utils.html.fix_ampersands * django.utils.html.clean_html | |||
| 2014-03-08 | Fixed #21188 -- Introduced subclasses for to-be-removed-in-django-XX warnings | Claude Paroz | |
| Thanks Anssi Kääriäinen for the idea and Simon Charette for the review. | |||
| 2014-03-03 | Fixed many typos in comments and docstrings. | Rodolfo Carvalho | |
| Thanks Piotr Kasprzyk for help with the patch. | |||
| 2014-03-01 | Fixed #22130 -- Deprecated fix_ampersands, removed utils.clean_html() | Erik Romijn | |
| 2013-12-16 | Removed unnecessary function-level import. | Baptiste Mispelon | |
| 2013-12-16 | Removed unnecessary call to force_text in utils.html.clean_html. | Vajrasky Kok | |
| Refs #21574 | |||
| 2013-12-14 | Fixed E127 pep8 warnings. | Loic Bistuer | |
| 2013-11-28 | Fixed E125 pep8 warnings | Christopher Medrela | |
| 2013-11-02 | Correct flake8 E302 violations | Ray Ashman Jr | |
| 2013-11-02 | More attacking E302 violators | Alex Gaynor | |
| 2013-11-02 | Correct flake8 violation E261 | Ray Ashman Jr | |
| 2013-10-23 | Fixed #21298 -- Fixed E301 pep8 warnings | Alasdair Nicol | |
| 2013-10-21 | Fixed #21288 -- Fixed E126 pep8 warnings | Alasdair Nicol | |
| 2013-10-15 | Fixed #7261 -- support for __html__ for library interoperability | Unai Zalakain | |
| The idea is that if an object implements __html__ which returns a string this is used as HTML representation (eg: on escaping). If the object is a str or unicode subclass and returns itself the object is a safe string type. This is an updated patch based on jbalogh and ivank patches. | |||
| 2013-09-25 | Fixed #20364 -- Changed urlize regexes to include quotation marks as punctuation. | Giles Richard Greenway | |
| Thanks to EmilStenstrom for raising this, and to Chris Piwoński for all of the fixes and most of the tests. | |||
