Accelerated deprecation of fix_ampersands and clean_html


Erik Romijn

Feb 23, 2014, 3:15:48 PM
to django-d...@googlegroups.com
Dear all,

I would like to propose the accelerated deprecation of the
fix_ampersands built-in template filter, because in all use cases, it
either simply does not work, or stimulates the user to create security
vulnerabilities.

In addition, I would like to deprecate django.utils.html.clean_html. This
is the only code in Django that uses fix_ampersands, and its use is
rather unclear. This function is not documented.

I have written a more extensive rationale on the ticket created for this:
https://code.djangoproject.com/ticket/22130

Are there any concerns or suggestions?

cheers,
Erik

Alex Gaynor

Feb 23, 2014, 3:18:13 PM
to django-d...@googlegroups.com
For what it's worth, Sourcegraph is unable to find any callers of clean_html in OSS code (maybe GitHub only?) either: https://sourcegraph.com/github.com/django/django/symbols/python/django/utils/html/clean_html

Alex






--
"I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084