The Vulnerability History Project

[1.6.x] Improved strip_tags and clarified documentation

      The fact that strip_tags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:
https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/
Backport of 6ca6c36f8 from master.

by Nick the Sea Slug 2014-03-20 15:50:50 UTC

commit d1503afd66ca8f2f8d3819ba8a60727e0ee66cec

Django

django/utils/html.py

+28 -4

docs/ref/templates/builtins.txt

+11 -1

docs/ref/utils.txt

+12 -6

tests/utils_tests/test_html.py

expand_less