| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2025-12-11 | Refs #36499 -- Adjusted test_strip_tags following Python behavior change for ↵ | Jacob Walls | |
| incomplete entities. | |||
| 2025-11-20 | Fixed #36737 -- Escaped further control characters in escapejs. | farthestmage | |
| 2025-11-05 | Fixed #36710 -- Fixed a regression in urlize for multipart domain names. | Mehraz Hossain Rumman | |
| Thanks Mehraz Hossain Rumman for the report and Bruno Alla for the triage. Regression in a9fe98d5bd4212d069afe8316101984aadecfbb2. | |||
| 2025-10-22 | Refs #36499 -- Made TestUtilsHtml.test_strip_tags() assume behavior change ↵ | Mariusz Felisiak | |
| in X.Y.0 version for Python 3.14+. This also removes unsupported versions of Python from the test dict. | |||
| 2025-08-28 | Fixed #35533 -- Prevented urlize creating broken links given a markdown link ↵ | SaJH | |
| input. Signed-off-by: SaJH <wogur981208@gmail.com> | |||
| 2025-08-12 | Fixed #36499 -- Adjusted utils_tests.test_html.TestUtilsHtml.test_strip_tags ↵ | Natalia | |
| following Python's HTMLParser new behavior. Python fixed a quadratic complexity processing for HTMLParser in: https://github.com/python/cpython/commit/6eb6c5db. | |||
| 2025-07-23 | Refs #36500 -- Rewrapped long docstrings and block comments via a script. | django-bot | |
| Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505. | |||
| 2025-05-06 | Fixed CVE-2025-32873 -- Mitigated potential DoS in strip_tags(). | Sarah Boyce | |
| Thanks to Elias Myllymäki for the report, and Shai Berger and Jake Howard for the reviews. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2025-03-19 | Fixed #36000 -- Deprecated HTTP as the default protocol in urlize and ↵ | Ahmed Nassar | |
| urlizetrunc. | |||
| 2025-01-23 | Fixed #36013 -- Removed use of IDNA-2003 in django.utils.html. | Mike Edmunds | |
| Removed obsolete and potentially problematic IDNA 2003 ("punycode") encoding of international domain names in smart_urlquote() and Urlizer, which are used (only) by AdminURLFieldWidget and the urlize/urlizetrunc template filters. Changed to use percent-encoded UTF-8, which defers IDNA details to the browser (like other URLs rendered by Django). | |||
| 2025-01-20 | Fixed #36017 -- Used EmailValidator in urlize to detect emails. | greg | |
| 2025-01-15 | Refs #34609 -- Removed support for calling format_html() without arguments ↵ | Sarah Boyce | |
| per deprecation timeline. | |||
| 2024-12-17 | Fixed #36012 -- Made mailto punctuation percent-encoded in Urlizer. | Mike Edmunds | |
| Urlizer was not properly encoding email addresses containing punctuation in generated mailto links. Per RFC 6068, fixed by percent encoding (urllib.parse.quote) the local and domain address parts. | |||
| 2024-12-04 | Fixed CVE-2024-53907 -- Mitigated potential DoS in strip_tags(). | Sarah Boyce | |
| Thanks to jiangniao for the report, and Shai Berger and Natalia Bidart for the reviews. | |||
| 2024-09-03 | Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc ↵ | Sarah Boyce | |
| template filters. Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. | |||
| 2024-08-27 | Refs #34609 -- Fixed deprecation warning stack level in format_html(). | Adam Johnson | |
| Co-authored-by: Simon Charette <charette.s@gmail.com> | |||
| 2024-08-20 | Fixed #35668 -- Added mapping support to format_html_join. | nabil-rady | |
| 2024-08-06 | Fixed CVE-2024-41991 -- Prevented potential ReDoS in ↵ | Mariusz Felisiak | |
| django.utils.html.urlize() and AdminURLFieldWidget. Thanks Seokchan Yoon for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2024-08-06 | Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc ↵ | Sarah Boyce | |
| template filters. Thanks to MProgrammer for the report. | |||
| 2024-07-09 | Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc ↵ | Adam Johnson | |
| template filters. Thank you to Elias Myllymäki for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2023-06-06 | Fixed #34609 -- Deprecated calling format_html() without arguments. | devilsautumn | |
| 2022-06-28 | Fixed #33779 -- Allowed customizing encoder class in ↵ | Hrushikesh Vaidya | |
| django.utils.html.json_script(). | |||
| 2022-03-08 | Rewrote strip_tags test file to lorem ipsum. | Adam Johnson | |
| 2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2021-11-22 | Fixed #33302 -- Made element_id optional argument for json_script template ↵ | Baptiste Mispelon | |
| filter. Added versionchanged note in documentation | |||
| 2021-07-07 | Fixed #32866 -- Fixed trimming trailing punctuation from escaped string in ↵ | Shipeng Feng | |
| urlize(). | |||
| 2019-08-01 | Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in ↵ | Florian Apolloner | |
| strip_tags() when handling incomplete HTML entities. Thanks to Guido Vranken for initial report. | |||
| 2019-04-25 | Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use ↵ | Jon Dufresne | |
| html.escape()/unescape(). | |||
| 2019-01-27 | Removed default mode='r' argument from calls to open(). | Jon Dufresne | |
| 2018-11-09 | Fixed #29920 -- Added a test for smart_urlquote()'s UnicodeError branch. | Srinivas Thatiparthy (శ్రీనివాస్ తాటిపర్తి) | |
| 2018-09-26 | Refs #29784 -- Switched to https:// links where available. | Jon Dufresne | |
| 2018-03-06 | Added more tests for django.utils.html.urlize(). | Tim Graham | |
| 2018-03-06 | Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and ↵ | Tim Graham | |
| urlizetrunc template filters. Thanks Florian Apolloner for assisting with the patch. | |||
| 2018-02-10 | Added tests for utils.html.urlize() (lazy string inputs were untested). | Tim Graham | |
| 2018-02-07 | Fixed #17419 -- Added json_tag template filter. | Jonas Haag | |
| 2018-01-21 | Fixed #29038 -- Removed closing slash from HTML void tags. | Jon Dufresne | |
| 2017-03-04 | Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals. | Tim Graham | |
| 2017-02-02 | Fixed #27803 -- Kept safe status of lazy safe strings in conditional_escape | Claude Paroz | |
| 2017-02-02 | Refs #27804 -- Used subTest() in tests.utils_tests.test_html. | Tim Graham | |
| 2017-02-02 | Imported specific functions in tests.utils_tests.test_html. | Tim Graham | |
| 2017-01-24 | Removed unneeded force_text calls in the test suite | Claude Paroz | |
| 2017-01-20 | Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage. | Tim Graham | |
| These functions do nothing on Python 3. | |||
| 2017-01-19 | Refs #23919 -- Stopped inheriting from object to define new style classes. | Simon Charette | |
| 2017-01-18 | Refs #23919 -- Removed six.PY2/PY3 usage | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2017-01-18 | Refs #23919 -- Removed encoding preambles and future imports | Claude Paroz | |
| 2016-11-10 | Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. | za | |
| 2015-12-12 | Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy(). | Iacopo Spalletti | |
| Thanks to bmispelon and uruz for the initial patch. | |||
| 2015-09-23 | Refs #23269 -- Removed the removetags template tag and related functions per ↵ | Tim Graham | |
| deprecation timeline. | |||
| 2015-09-12 | Fixed #23395 -- Limited line lengths to 119 characters. | Dražen Odobašić | |
 |
index : django.git | |
| django |
| summaryrefslogtreecommitdiff |