| Age | Commit message | Author |
|---|---|---|
| 2025-12-11 | [5.2.x] Refs #36499 -- Adjusted test_strip_tags following Python behavior change for incomplete entities. Backport of 7b80b2186300620931009fd62c2969f108fe7a62 from main. | Jacob Walls |
| 2025-08-13 | [5.2.x] Fixed #36499 -- Adjusted utils_tests.test_html.TestUtilsHtml.test_strip_tags following Python's HTMLParser new behavior. Python fixed a quadratic complexity processing for HTMLParser in: https://github.com/python/cpython/commit/6eb6c5db. Backport of 2980627502c84a9fd09272e1349dc574a2ff1fb1 from main. | Natalia |
| 2025-05-06 | [5.2.x] Fixed CVE-2025-32873 -- Mitigated potential DoS in strip_tags(). Thanks to Elias Myllymäki for the report, and Shai Berger and Jake Howard for the reviews. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Backport of 9f3419b519799d69f2aba70b9d25abe2e70d03e0 from main. | Sarah Boyce |
| 2025-01-23 | [5.2.x] Fixed #36013 -- Removed use of IDNA-2003 in django.utils.html. Removed obsolete and potentially problematic IDNA 2003 ("punycode") encoding of international domain names in smart_urlquote() and Urlizer, which are used (only) by AdminURLFieldWidget and the urlize/urlizetrunc template filters. Changed to use percent-encoded UTF-8, which defers IDNA details to the browser (like other URLs rendered by Django). Backport of 29ba75e6e57414f0e6f9528d08a520b8b931fb28 from main. | Mike Edmunds |
| 2025-01-20 | [5.2.x] Fixed #36017 -- Used EmailValidator in urlize to detect emails. Backport of 61dae11df52fae71fc3050974ac459f362c9dfd7 from main. | greg |
| 2024-12-17 | Fixed #36012 -- Made mailto punctuation percent-encoded in Urlizer. Urlizer was not properly encoding email addresses containing punctuation in generated mailto links. Per RFC 6068, fixed by percent encoding (urllib.parse.quote) the local and domain address parts. | Mike Edmunds |
| 2024-12-04 | Fixed CVE-2024-53907 -- Mitigated potential DoS in strip_tags(). Thanks to jiangniao for the report, and Shai Berger and Natalia Bidart for the reviews. | Sarah Boyce |
| 2024-09-03 | Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters. Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. | Sarah Boyce |
| 2024-08-27 | Refs #34609 -- Fixed deprecation warning stack level in format_html(). Co-authored-by: Simon Charette <charette.s@gmail.com> | Adam Johnson |
| 2024-08-20 | Fixed #35668 -- Added mapping support to format_html_join. | nabil-rady |
| 2024-08-06 | Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget. Thanks Seokchan Yoon for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | Mariusz Felisiak |
| 2024-08-06 | Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters. Thanks to MProgrammer for the report. | Sarah Boyce |
| 2024-07-09 | Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters. Thank you to Elias Myllymäki for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | Adam Johnson |
| 2023-06-06 | Fixed #34609 -- Deprecated calling format_html() without arguments. | devilsautumn |
| 2022-06-28 | Fixed #33779 -- Allowed customizing encoder class in django.utils.html.json_script(). | Hrushikesh Vaidya |
| 2022-03-08 | Rewrote strip_tags test file to lorem ipsum. | Adam Johnson |
| 2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot |
| 2021-11-22 | Fixed #33302 -- Made element_id optional argument for json_script template filter. Added versionchanged note in documentation. | Baptiste Mispelon |
| 2021-07-07 | Fixed #32866 -- Fixed trimming trailing punctuation from escaped string in urlize(). | Shipeng Feng |
| 2019-08-01 | Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities. Thanks to Guido Vranken for initial report. | Florian Apolloner |
| 2019-04-25 | Fixed #30399 -- Changed django.utils.html.escape()/urlize() to use html.escape()/unescape(). | Jon Dufresne |
| 2019-01-27 | Removed default mode='r' argument from calls to open(). | Jon Dufresne |
| 2018-11-09 | Fixed #29920 -- Added a test for smart_urlquote()'s UnicodeError branch. | Srinivas Thatiparthy (శ్రీనివాస్ తాటిపర్తి) |
| 2018-09-26 | Refs #29784 -- Switched to https:// links where available. | Jon Dufresne |
| 2018-03-06 | Added more tests for django.utils.html.urlize(). | Tim Graham |
| 2018-03-06 | Fixed CVE-2018-7536 -- Fixed catastrophic backtracking in urlize and urlizetrunc template filters. Thanks Florian Apolloner for assisting with the patch. | Tim Graham |
| 2018-02-10 | Added tests for utils.html.urlize() (lazy string inputs were untested). | Tim Graham |
| 2018-02-07 | Fixed #17419 -- Added json_tag template filter. | Jonas Haag |
| 2018-01-21 | Fixed #29038 -- Removed closing slash from HTML void tags. | Jon Dufresne |
| 2017-03-04 | Fixed #27900 -- Made escapejs escape backticks for use in ES6 template literals. | Tim Graham |
| 2017-02-02 | Fixed #27803 -- Kept safe status of lazy safe strings in conditional_escape. | Claude Paroz |
| 2017-02-02 | Refs #27804 -- Used subTest() in tests.utils_tests.test_html. | Tim Graham |
| 2017-02-02 | Imported specific functions in tests.utils_tests.test_html. | Tim Graham |
| 2017-01-24 | Removed unneeded force_text calls in the test suite. | Claude Paroz |
| 2017-01-20 | Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage. These functions do nothing on Python 3. | Tim Graham |
| 2017-01-19 | Refs #23919 -- Stopped inheriting from object to define new style classes. | Simon Charette |
| 2017-01-18 | Refs #23919 -- Removed six.PY2/PY3 usage. Thanks Tim Graham for the review. | Claude Paroz |
| 2017-01-18 | Refs #23919 -- Removed encoding preambles and future imports. | Claude Paroz |
| 2016-11-10 | Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. | za |
| 2015-12-12 | Fixed #20223 -- Added keep_lazy() as a replacement for allow_lazy(). Thanks to bmispelon and uruz for the initial patch. | Iacopo Spalletti |
| 2015-09-23 | Refs #23269 -- Removed the removetags template tag and related functions per deprecation timeline. | Tim Graham |
| 2015-09-12 | Fixed #23395 -- Limited line lengths to 119 characters. | Dražen Odobašić |
| 2015-06-24 | Renamed RemovedInDjangoXYWarnings for new roadmap. Forwardport of ae1d663b7913f6da233c55409c4973248372d302 from stable/1.8.x plus more. | Tim Graham |
| 2015-03-27 | Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates. | Moritz Sichert |
| 2015-03-18 | Fixed an infinite loop possibility in strip_tags(). This is a security fix; disclosure to follow shortly. | Tim Graham |
| 2015-02-06 | Sorted imports with isort; refs #23860. | Tim Graham |
| 2014-12-30 | Applied ignore_warnings to Django tests. | Claude Paroz |
| 2014-12-03 | Removed redundant numbered parameters from str.format(). Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}". | Berker Peksag |
| 2014-09-09 | Fixed urlize after smart_urlquote rewrite. Refs #22267. | Claude Paroz |
