diff --git a/django/utils/html.py b/django/utils/html.py
index 5732350..0d28c77 100644
|
a
|
b
|
from django.utils.functional import allow_lazy
|
| 16 | 16 | from django.utils import six |
| 17 | 17 | from django.utils.text import normalize_newlines |
| 18 | 18 | |
| 19 | | from .html_parser import HTMLParser |
| | 19 | from .html_parser import HTMLParser, HTMLParseError |
| 20 | 20 | |
| 21 | 21 | |
| 22 | 22 | # Configuration for urlize() function. |
| … |
… |
class MLStripper(HTMLParser):
|
| 136 | 136 | def strip_tags(value): |
| 137 | 137 | """Returns the given HTML with all tags stripped.""" |
| 138 | 138 | s = MLStripper() |
| 139 | | s.feed(value) |
| 140 | | data = s.get_data() |
| 141 | 139 | try: |
| 142 | | res = s.close() |
| 143 | | except Exception as e: |
| 144 | | data += s.rawdata |
| 145 | | return data |
| | 140 | s.feed(value) |
| | 141 | s.close() |
| | 142 | except HTMLParseError: |
| | 143 | return value |
| | 144 | else: |
| | 145 | return s.get_data() |
| 146 | 146 | strip_tags = allow_lazy(strip_tags) |
| 147 | 147 | |
| 148 | 148 | def remove_tags(html, tags): |
diff --git a/docs/ref/utils.txt b/docs/ref/utils.txt
index 14ae9aa..e8db420 100644
|
a
|
b
|
Atom1Feed
|
| 490 | 490 | |
| 491 | 491 | Usually you should build up HTML using Django's templates to make use of its |
| 492 | 492 | autoescape mechanism, using the utilities in :mod:`django.utils.safestring` |
| 493 | | where appropriate. This module provides some additional low level utilities |
| | 493 | where appropriate. This module provides some additional low level utilities for |
| 494 | 494 | escaping HTML. |
| 495 | 495 | |
| 496 | 496 | .. function:: escape(text) |
| … |
… |
escaping HTML.
|
| 564 | 564 | strip_tags(value) |
| 565 | 565 | |
| 566 | 566 | If ``value`` is ``"<b>Joel</b> <button>is</button> a <span>slug</span>"`` the |
| 567 | | return value will be ``"Joel is a slug"``. |
| | 567 | return value will be ``"Joel is a slug"``. Note that ``strip_tags`` might |
| | 568 | still contain unsafe HTML content, so if you plan to use the result in an |
| | 569 | HTML context, you should still :func:`~django.utils.http.urlencode` (and |
| | 570 | optionally :func:`~django.utils.safestring.mark_safe`) the returned value. |
| | 571 | |
| | 572 | .. versionchanged:: 1.6 |
| | 573 | |
| | 574 | For improved safety, ``strip_tags`` is now parser-based. |
| 568 | 575 | |
| 569 | 576 | .. function:: remove_tags(value, tags) |
| 570 | 577 | |
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index c3e9f7c..b973f1c 100644
|
a
|
b
|
class TestUtilsHtml(TestCase):
|
| 70 | 70 | ('</adf>a', 'a'), |
| 71 | 71 | ('<asdf><asdf>e', 'e'), |
| 72 | 72 | ('hi, <f x', 'hi, <f x'), |
| | 73 | ('234<235, right?', '234<235, right?'), |
| | 74 | ('a4<a5 right?', 'a4<a5 right?'), |
| | 75 | ('b7>b2!', 'b7>b2!'), |
| 73 | 76 | ('</fe', '</fe'), |
| 74 | 77 | ('<x>b<y>', 'b'), |
| 75 | 78 | ('a<p onclick="alert(\'<test>\')">b</p>c', 'abc'), |