Ticket #19237: 19237-parser-5.diff

File 19237-parser-5.diff, 2.4 KB (added by Claude Paroz, 6 years ago)
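diff --git a/django/utils/html.py b/django/utils/html.py
index 5732350..2a20847 100644
--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -16,7 +16,7 @@ from django.utils.functional import allow_lazy
 from django.utils import six
 from django.utils.text import normalize_newlines
 
-from .html_parser import HTMLParser
+from .html_parser import HTMLParser, HTMLParseError
 
 
 # Configuration for urlize() function.
@@ -136,13 +136,14 @@ class MLStripper(HTMLParser):
 def strip_tags(value):
     """Returns the given HTML with all tags stripped."""
     s = MLStripper()
-    s.feed(value)
-    data = s.get_data()
     try:
-        res = s.close()
-    except Exception as e:
-        data += s.rawdata
-    return data
+        s.feed(value)
+        s.close()
+    except HTMLParseError:
+        data = value
+    else:
+        data = s.get_data()
+    return data.replace('<', '&lt;').replace('>', '&gt;')
 strip_tags = allow_lazy(strip_tags)
 
 def remove_tags(html, tags):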
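Review bot: The final `data.replace('<', '&lt;').replace('>', '&gt;')` in `strip_tags` encodes only angle brackets, so the return value is a hybrid: `&`, `"` and `'` pass through untouched, which means the result should not be marked safe or placed in an attribute value, and a later `escape()` will turn the newly produced `&lt;` into `&amp;lt;`. The docstring still reads only "Returns the given HTML with all tags stripped."; I would extend it to state that any remaining `<` or `>` is returned as `&lt;` / `&gt;` and that the output is not fully HTML-escaped. In the `except HTMLParseError` branch, `data = value` discards whatever the parser had already stripped, so one malformed construct makes every tag in the input come back encoded rather than removed; a comment such as `# parser gave up: fall back to encoding the raw input` would show that this is deliberate. How `MLStripper` handles entity and character references is not visible in this hunk, so whether decoded `<` can reach `get_data()` should be confirmed against that class.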
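diff --git a/docs/ref/utils.txt b/docs/ref/utils.txt
index 14ae9aa..8de2e0f 100644
--- a/docs/ref/utils.txt
+++ b/docs/ref/utils.txt
@@ -566,6 +566,13 @@ escaping HTML.
     If ``value`` is ``"<b>Joel</b> <button>is</button> a <span>slug</span>"`` the
     return value will be ``"Joel is a slug"``.
 
+    .. versionchanged:: 1.6
+
+        For improved safety, ``strip_tags`` is now parser-based. Any ``<`` or
+        ``>`` characters that are not part of a valid tag are replaced by their
+        encoded equivalents (``&lt;`` and ``&gt;``).
+
+
 .. function:: remove_tags(value, tags)
 
     Removes a space-separated list of [X]HTML tag names from the output.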
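diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index c3e9f7c..78967d5 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -69,8 +69,11 @@ class TestUtilsHtml(TestCase):
             ('<adf>a', 'a'),
             ('</adf>a', 'a'),
             ('<asdf><asdf>e', 'e'),
-            ('hi, <f x', 'hi, <f x'),
-            ('</fe', '</fe'),
+            ('hi, <f x', 'hi, &lt;f x'),
+            ('234<235, right?', '234&lt;235, right?'),
+            ('a4<a5 right?', 'a4&lt;a5 right?'),
+            ('b7>b2!', 'b7&gt;b2!'),
+            ('</fe', '&lt;/fe'),
             ('<x>b<y>', 'b'),
             ('a<p onclick="alert(\'<test>\')">b</p>c', 'abc'),
             ('a<p a >b</p>c', 'abc'),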
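Review bot: None of the added rows has `&` or an existing entity in the input, so the table does not pin how `strip_tags` treats text such as `a &amp; b` or `&lt;b&gt;` now that it returns partly encoded output; a pair of such rows would catch double-encoding regressions. It is also not visible from these rows which input, if any, drives the new `except HTMLParseError` fallback in `django/utils/html.py`; a one-line comment on that row, for example `# parser error: raw value is returned with < and > encoded`, would make the coverage explicit. The tuple list starts and ends outside the hunk.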