id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
25401	django.utils.html.strip_tags can insert spurious semicolons	Jon Baldivieso	nobody	"In limited circumstances, strip_tags mangles legitimate text, inserting a semicolon before underscores.

{{{
from django.utils.html import strip_tags

# Good
strip_tags(""&first_name"")
>>> '&first_name'

# Good
strip_tags(""first_name<br>"")
>>> u'first_name'

# Bad: semicolon introduced before underscore
strip_tags(""&first_name<br>"")
>>> u'&first;_name'

}}}

Our use-case is allowing rich emails to be drafted using Markdown; completely safe Markdown URLs with query strings can get mangled with this bug."	Bug	closed	Utilities	1.8	Normal	wontfix			Accepted	0	0	0	0	0	0
