Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#23734 closed Cleanup/optimization (fixed)

Templates intro talks about striptags without the appropriate security disclaimer

Reported by: Aymeric Augustin Owned by: Tim Graham
Component: Documentation Version: 1.7
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

I'm refering to this section: https://docs.djangoproject.com/en/dev/topics/templates/#filters

I suggest choosing another example. What about |filesizeformat? At least there are no security ramifications I can think of.

Change History (4)

comment:1 by Tim Graham, 10 years ago

Owner: changed from nobody to Tim Graham
Status: newassigned
Triage Stage: UnreviewedAccepted

comment:2 by Tim Graham <timograham@…>, 10 years ago

Resolution: fixed
Status: assignedclosed

In 08c5887f134da761dc59f52280116dd9849985a7:

Fixed #23734 -- Replaced striptags in template filter overview since it has security implications.

Thanks Aymeric Augustin for the suggestion.

comment:3 by Tim Graham <timograham@…>, 10 years ago

In ee2e09864d40f9781bf38d8048b1ddeb56baa089:

[1.7.x] Fixed #23734 -- Replaced striptags in template filter overview since it has security implications.

Thanks Aymeric Augustin for the suggestion.

Backport of 08c5887f13 from master

comment:4 by Tim Graham <timograham@…>, 10 years ago

In 2365c7c230c9fd597f578168ae8fad234045d03e:

[1.6.x] Fixed #23734 -- Replaced striptags in template filter overview since it has security implications.

Thanks Aymeric Augustin for the suggestion.

Backport of 08c5887f13 from master

Note: See TracTickets for help on using tickets.
Back to Top