Ticket #19237: 19237-parser-6.diff

File 19237-parser-6.diff, 2.6 KB (added by Claude Paroz, 6 years ago)

No content encoding, but warning in docs (more backwards-compatible)

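diff --git a/django/utils/html.py b/django/utils/html.py
index 5732350..0d28c77 100644
--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -16,7 +16,7 @@ from django.utils.functional import allow_lazy
 from django.utils import six
 from django.utils.text import normalize_newlines
 
-from .html_parser import HTMLParser
+from .html_parser import HTMLParser, HTMLParseError
 
 
 # Configuration for urlize() function.
@@ -136,13 +136,13 @@ class MLStripper(HTMLParser):
 def strip_tags(value):
     """Returns the given HTML with all tags stripped."""
     s = MLStripper()
-    s.feed(value)
-    data = s.get_data()
     try:
-        res = s.close()
-    except Exception as e:
-        data += s.rawdata
-    return data
+        s.feed(value)
+        s.close()
+    except HTMLParseError:
+        return value
+    else:
+        return s.get_data()
 strip_tags = allow_lazy(strip_tags)
 
 def remove_tags(html, tags):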
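Review bot: The new `except HTMLParseError: return value` branch in `strip_tags` fails open: when the parser raises, the caller gets the original input back with every tag still in it, while the docstring still promises "all tags stripped". The docstring should state that the result is not safe for an HTML context and must still be passed through `escape()`, and the branch deserves a comment such as `# Parse error: input is returned unmodified, tags included.` The wording added in docs/ref/utils.txt points to `django.utils.http.urlencode`, which is URL encoding rather than HTML escaping, so the docstring should name `escape` instead of repeating that reference. Exceptions other than `HTMLParseError` now propagate, where the old code swallowed every exception raised by `close()`; that is presumably intended but worth confirming.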
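diff --git a/docs/ref/utils.txt b/docs/ref/utils.txt
index 14ae9aa..e8db420 100644
--- a/docs/ref/utils.txt
+++ b/docs/ref/utils.txt
@@ -490,7 +490,7 @@ Atom1Feed
 
 Usually you should build up HTML using Django's templates to make use of its
 autoescape mechanism, using the utilities in :mod:`django.utils.safestring`
-where appropriate. This module provides some additional low level utilitiesfor
+where appropriate. This module provides some additional low level utilities for
 escaping HTML.
 
 .. function:: escape(text)
@@ -564,7 +564,14 @@ escaping HTML.
         strip_tags(value)
 
     If ``value`` is ``"<b>Joel</b> <button>is</button> a <span>slug</span>"`` the
-    return value will be ``"Joel is a slug"``.
+    return value will be ``"Joel is a slug"``. Note that ``strip_tags`` might
+    still contain unsafe HTML content, so if you plan to use the result in an
+    HTML context, you should still :func:`~django.utils.http.urlencode` (and
+    optionally :func:`~django.utils.safestring.mark_safe`) the returned value.
+
+    .. versionchanged:: 1.6
+
+        For improved safety, ``strip_tags`` is now parser-based.
 
 .. function:: remove_tags(value, tags)
 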
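diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
index c3e9f7c..b973f1c 100644
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@@ -70,6 +70,9 @@ class TestUtilsHtml(TestCase):
             ('</adf>a', 'a'),
             ('<asdf><asdf>e', 'e'),
             ('hi, <f x', 'hi, <f x'),
+            ('234<235, right?', '234<235, right?'),
+            ('a4<a5 right?', 'a4<a5 right?'),
+            ('b7>b2!', 'b7>b2!'),
             ('</fe', '</fe'),
             ('<x>b<y>', 'b'),
             ('a<p onclick="alert(\'<test>\')">b</p>c', 'abc'),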
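Review bot: None of the three added cases appears to reach the new `except HTMLParseError` fallback in `strip_tags`; they pin how a bare `<` or `>` inside text passes through, not what happens when parsing fails. A case whose input makes the parser raise, asserting that the input comes back unchanged, would record that the fallback leaves markup in place and that callers must still escape the result. A short comment above the new tuples, such as `# Bare comparison operators are text, not tags.`, would also explain why they are expected to be returned verbatim. The enclosing tuple and test method start and end outside the hunk.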