Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text.

Thanks Wenchao Li of Alibaba Group for the report.
Natalia 2023-09-19 09:51:48 -03:00
parent 1dae65dc63
commit 17b51094d7
6 changed files with 115 additions and 13 deletions

@ -2648,6 +2648,16 @@ If ``value`` is ``"<p>Joel is a slug</p>"``, the output will be
Newlines in the HTML content will be preserved.
.. admonition:: Size of input string
Processing large, potentially malformed HTML strings can be
resource-intensive and impact service performance. ``truncatechars_html``
limits input to the first five million characters.
.. versionchanged:: 3.2.22
In older versions, strings over five million characters were processed.
.. templatefilter:: truncatewords
``truncatewords``
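
Review bot: The ``truncatechars_html`` admonition says the filter "limits input to the first five million characters" but does not say what happens to the rest of the string. Please state explicitly whether characters past the limit are dropped silently before truncation or whether an error is raised, so that a reader passing very large HTML knows what output to expect.
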
@ -2690,6 +2700,16 @@ If ``value`` is ``"<p>Joel is a slug</p>"``, the output will be
Newlines in the HTML content will be preserved.
.. admonition:: Size of input string
Processing large, potentially malformed HTML strings can be
resource-intensive and impact service performance. ``truncatewords_html``
limits input to the first five million characters.
.. versionchanged:: 3.2.22
In older versions, strings over five million characters were processed.
.. templatefilter:: unordered_list
``unordered_list``
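
Review bot: In the ``versionchanged:: 3.2.22`` note under ``truncatewords_html``, "strings over five million characters were processed" can be read as meaning that newer versions refuse such strings, which conflicts with the admonition just above it saying input is limited to the first five million characters. Something like "were processed in full" would remove the ambiguity. The admonition is also a word-for-word copy of the one added for ``truncatechars_html``; since the commit title places the limit in ``django.utils.text.Truncator``, consider a single shared note that both filters reference, so the two copies cannot drift apart.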