[Django] #23734: Templates intro talks about striptags without the appropriate security disclaimer
Django
disclaimer
------------------------------------------------+------------------------
Reporter: aaugustin | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 1.7
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
------------------------------------------------+------------------------
I'm refering to this section:
https://docs.djangoproject.com/en/dev/topics/templates/#filters
I suggest choosing another example. What about `|filesizeformat`? At least
there are no security ramifications I can think of.
--
Ticket URL: <https://code.djangoproject.com/ticket/23734>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
disclaimer
Reporter: aaugustin | Owner: timgraham
Type: | Status: assigned
Cleanup/optimization | Version: 1.7
Component: Documentation | Resolution:
Severity: Normal | Triage Stage: Accepted
Keywords: | Needs documentation: 0
Has patch: 0 | Patch needs improvement: 0
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
Changes (by timgraham):
* status: new => assigned
* owner: nobody => timgraham
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/23734#comment:1>
Django
disclaimer
Reporter: aaugustin | Owner: timgraham
Cleanup/optimization | Version: 1.7
Component: Documentation | Resolution: fixed
Severity: Normal | Triage Stage: Accepted
Keywords: | Needs documentation: 0
Has patch: 0 | Patch needs improvement: 0
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"08c5887f134da761dc59f52280116dd9849985a7"]:
{{{
#!CommitTicketReference repository=""
revision="08c5887f134da761dc59f52280116dd9849985a7"
Fixed #23734 -- Replaced striptags in template filter overview since it
has security implications.
Thanks Aymeric Augustin for the suggestion.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/23734#comment:2>
Django
disclaimer
Reporter: aaugustin | Owner: timgraham
Type: | Status: closed
Cleanup/optimization | Version: 1.7
Component: Documentation | Resolution: fixed
Severity: Normal | Triage Stage: Accepted
Keywords: | Needs documentation: 0
Has patch: 0 | Patch needs improvement: 0
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
Comment (by Tim Graham <timograham@…>):
In [changeset:"ee2e09864d40f9781bf38d8048b1ddeb56baa089"]:
{{{
#!CommitTicketReference repository=""
revision="ee2e09864d40f9781bf38d8048b1ddeb56baa089"
[1.7.x] Fixed #23734 -- Replaced striptags in template filter overview
since it has security implications.
Thanks Aymeric Augustin for the suggestion.
Backport of 08c5887f13 from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/23734#comment:3>
Django
disclaimer
Reporter: aaugustin | Owner: timgraham
Type: | Status: closed
Cleanup/optimization | Version: 1.7
Component: Documentation | Resolution: fixed
Severity: Normal | Triage Stage: Accepted
Keywords: | Needs documentation: 0
Has patch: 0 | Patch needs improvement: 0
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
Comment (by Tim Graham <timograham@…>):
In [changeset:"2365c7c230c9fd597f578168ae8fad234045d03e"]:
{{{
#!CommitTicketReference repository=""
revision="2365c7c230c9fd597f578168ae8fad234045d03e"
[1.6.x] Fixed #23734 -- Replaced striptags in template filter overview
since it has security implications.
Thanks Aymeric Augustin for the suggestion.
Backport of 08c5887f13 from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/23734#comment:4>