| Age | Commit message | Author | |
|---|---|---|---|
| 2019-11-25 | Removed unused unencoded_ampersands_re regex. | Baptiste Mispelon | |
| Unused since 8b81dee60c1533e714a310fa5c3907356042a64c. | |||
| 2019-10-29 | Fixed #30899 -- Lazily compiled import time regular expressions. | Hasan Ramezani | |
| 2019-08-01 | Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities. | Florian Apolloner | |
| Thanks to Guido Vranken for initial report. | |||
| 2019-07-03 | Refs #30608 -- Added django.utils.encoding.punycode(). | Mariusz Felisiak | |
| 2019-07-02 | Fixed typos in comments and docs. | Min ho Kim | |
| 2019-04-25 | Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape(). | Jon Dufresne | |
| 2019-02-06 | Refs #27753 -- Favored SafeString over SafeText. | Tim Graham | |
| 2018-10-12 | Simplified django.utils.html.urlize(). | Tim Graham | |
| 2018-10-12 | Refs #29826 -- Removed unused characters from urlize configuration. | Tim Graham | |
| The HTML characters are unused because urlize is meant to be applied to plain text and these characters aren't properly detected (refs #29826). Angle brackets and quotes are present in word_split_re and therefore won't be used in WRAPPING_PUNCTUATION. | |||
| 2018-09-28 | Refs #28909 -- Simplified code using unpacking generalizations. | Sergey Fedoseev | |
| 2018-09-26 | Refs #29784 -- Switched to https:// links where available. | Jon Dufresne | |
| 2018-08-21 | Fixed #29654 -- Made text truncation an ellipsis character instead of three dots. | Claude Paroz | |
| Thanks Sudhanshu Mishra for the initial patch and Tim Graham for the review. | |||
| 2018-03-06 | Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters. | Tim Graham | |
| Thanks Florian Apolloner for assisting with the patch. | |||
| 2018-02-09 | Refs #27795 -- Replaced force_text() calls with str() in django.utils.html. | Jon Dufresne | |
| 2018-02-07 | Fixed #17419 -- Added json_tag template filter. | Jonas Haag | |
| 2018-01-21 | Fixed #29038 -- Removed closing slash from HTML void tags. | Jon Dufresne | |
| 2017-12-07 | Refs #23919 -- Replaced super() calls for old-style classes. | Nick Pope | |
| 2017-10-13 | Improved performance of utils.html.escape(). | Tom | |
| 2017-09-25 | Fixed #27857 -- Dropped support for Python 3.4. | Tim Graham | |
| 2017-04-27 | Refs #27795 -- Replaced many force_text() with str() | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-03-04 | Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals. | Tim Graham | |
| 2017-02-11 | Refs #27656 -- Updated django.utils docstring verbs according to PEP 257. | Anton Samarchyan | |
| 2017-02-02 | Fixed #27803 -- Kept safe status of lazy safe strings in conditional_escape | Claude Paroz | |
| 2017-01-21 | Refs #23919 -- Removed misc references to Python 2. | Tim Graham | |
| 2017-01-20 | Refs #23919 -- Removed unneeded str() calls | Claude Paroz | |
| 2017-01-20 | Refs #23919 -- Removed unneeded force_str calls | Claude Paroz | |
| 2017-01-18 | Refs #23919 -- Removed most of remaining six usage | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-01-18 | Refs #23919 -- Removed six.<various>_types usage | Claude Paroz | |
| Thanks Tim Graham and Simon Charette for the reviews. | |||
| 2017-01-18 | Refs #23919 -- Removed six.PY2/PY3 usage | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-01-18 | Refs #23919 -- Removed encoding preambles and future imports | Claude Paroz | |
| 2016-11-14 | Fixed E305 flake8 warnings. | Ramin Farajpour Cami | |
| 2016-09-23 | Removed unused regexes from django.utils.html. | Jon Dufresne | |
| Last uses removed in commit 8b81dee60c1533e714a310fa5c3907356042a64c. | |||
| 2016-09-17 | Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6. | Tim Graham | |
| http://bugs.python.org/issue27364 | |||
| 2016-04-08 | Fixed E128 flake8 warnings in django/. | Tim Graham | |
| 2016-02-15 | Fixed #26193 -- Made urlize() trim multiple trailing punctuation. | Jon Dufresne | |
| 2015-12-12 | Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy(). | Iacopo Spalletti | |
| Thanks to bmispelon and uruz for the initial patch. | |||
| 2015-09-23 | Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline. | Tim Graham | |
| 2015-08-31 | Fixed #25331 -- Removed trailing blank lines in docstrings. | Maxime Lorant | |
| 2015-06-24 | Renamed RemovedInDjangoXYWarnings for new roadmap. | Tim Graham | |
| Forwardport of ae1d663b7913f6da233c55409c4973248372d302 from stable/1.8.x plus more. | |||
| 2015-06-15 | Fixed flake8 warnings on Python 3. | Tim Graham | |
| 2015-03-27 | Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates. | Moritz Sichert | |
| 2015-03-18 | Fixed an infinite loop possibility in strip_tags(). | Tim Graham | |
| This is a security fix; disclosure to follow shortly. | |||
| 2015-03-10 | Fixed #24471 -- Enhanced urlize regex to exclude quotes and angle brackets. | Tim Graham | |
| 2015-03-10 | Fixed escaping regression in urlize filter. | Tim Graham | |
| Now that the URL is always unescaped as of refs #22267, we should re-escape it before inserting it into the anchor. | |||
| 2015-03-06 | Fixed urlize regression with entities in query strings | Claude Paroz | |
| Refs #22267. Thanks Shai Berger for spotting the issue and Tim Graham for the initial patch. | |||
| 2015-02-06 | Sorted imports with isort; refs #23860. | Tim Graham | |
| 2015-01-17 | Removed compatibility with Python 3.2. | Tim Graham | |
| 2014-12-27 | Fixed #23831 -- Supported strings escaped by third-party libs in Django. | Aymeric Augustin | |
| Refs #7261 -- Made strings escaped by Django usable in third-party libs. The changes in mark_safe and mark_for_escaping are straightforward. The more tricky part is to handle correctly objects that implement __html__. Historically escape() has escaped SafeData. Even if that doesn't seem a good behavior, changing it would create security concerns. Therefore support for __html__() was only added to conditional_escape() where this concern doesn't exist. Then using conditional_escape() instead of escape() in the Django template engine makes it understand data escaped by other libraries. Template filter |escape accounts for __html__() when it's available. |force_escape forces the use of Django's HTML escaping implementation. Here's why the change in render_value_in_context() is safe. Before Django 1.7 conditional_escape() was implemented as follows: if isinstance(text, SafeData): return text else: return escape(text) render_value_in_context() never called escape() on SafeData. Therefore replacing escape() with conditional_escape() doesn't change the autoescaping logic as it was originally intended. This change should be backported to Django 1.7 because it corrects a feature added in Django 1.7. Thanks mitsuhiko for the report. | |||
| 2014-12-08 | Fixed #23968 -- Replaced list comprehension with generators and dict comprehension | Jon Dufresne | |
| 2014-12-03 | Removed redundant numbered parameters from str.format(). | Berker Peksag | |
| Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}". | |||
