Commit e122facb authored by Tim Graham

Fixed #23269 -- Deprecated django.utils.remove_tags() and removetags filter.

Also the unused, undocumented django.utils.html.strip_entities() function.
parent deed00c0
+11 −0
@@ -4,7 +4,9 @@ from __future__ import unicode_literals

import re
import sys
import warnings

from django.utils.deprecation import RemovedInDjango20Warning
from django.utils.encoding import force_text, force_str
from django.utils.functional import allow_lazy
from django.utils.http import RFC3986_GENDELIMS, RFC3986_SUBDELIMS
@@ -177,6 +179,11 @@ strip_tags = allow_lazy(strip_tags)

def remove_tags(html, tags):
    """Returns the given HTML with given tags removed."""
    warnings.warn(
        "django.utils.html.remove_tags() and the removetags template filter "
        "are deprecated. Consider using the bleach library instead.",
        RemovedInDjango20Warning, stacklevel=3
    )
    tags = [re.escape(tag) for tag in tags.split()]
    tags_re = '(%s)' % '|'.join(tags)
    starttag_re = re.compile(r'<%s(/?>|(\s+[^>]*>))' % tags_re, re.U)
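Review bot: the runtime warning gives no reason for the deprecation, while the docs added in this same commit say ``remove_tags()`` "cannot guarantee HTML safe output". The warning is what most developers will actually see, so state the reason there too, e.g. "... are deprecated because they cannot guarantee HTML-safe output. Consider using the bleach library instead." The docstring also still reads only "Returns the given HTML with given tags removed."; a one-line deprecation note there would help anyone reading ``help(remove_tags)``.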
@@ -195,6 +202,10 @@ strip_spaces_between_tags = allow_lazy(strip_spaces_between_tags, six.text_type)

def strip_entities(value):
    """Returns the given HTML with all entities (&something;) stripped."""
    warnings.warn(
        "django.utils.html.strip_entities() is deprecated.",
        RemovedInDjango20Warning, stacklevel=2
    )
    return re.sub(r'&(?:\w+|#\d+);', '', force_text(value))
strip_entities = allow_lazy(strip_entities, six.text_type)
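Review bot: ``stacklevel=2`` here attributes the warning to the ``allow_lazy`` wrapper (``strip_entities = allow_lazy(strip_entities, six.text_type)`` at the end of the hunk) rather than to the code that called ``strip_entities()``, because the wrapper adds one frame between the two; ``remove_tags()`` in the hunk above uses ``stacklevel=3`` for exactly that reason. Use ``stacklevel=3`` here as well so the warning points at the caller.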

+5 −0
@@ -49,6 +49,11 @@ about each item can often be found in the release notes of two versions prior.
* The backward compatible shim  to rename ``django.forms.Form._has_changed()``
  to ``has_changed()`` will be removed.

* The ``removetags`` template filter will be removed.

* The ``remove_tags()`` and ``strip_entities()`` functions in
  ``django.utils.html`` will be removed.

.. _deprecation-removed-in-1.9:

1.9
+7 −0
@@ -1918,6 +1918,13 @@ If ``value`` is the list ``['a', 'b', 'c', 'd']``, the output could be ``"b"``.
removetags
^^^^^^^^^^

.. deprecated:: 1.8

    ``removetags`` cannot guarantee HTML safe output and has been deprecated due
    to security concerns. Consider using `bleach`_ instead.

.. _bleach: http://bleach.readthedocs.org/en/latest/

Removes a space-separated list of [X]HTML tags from the output.

For example::
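Review bot: the ``bleach`` link target here points at ``http://bleach.readthedocs.org/en/latest/`` while the ``django.utils.html`` reference in this same commit points at ``https://pypi.python.org/pypi/bleach``; pick one URL (the docs site is the more useful landing page) so both deprecation notes send readers to the same place.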
+6 −2
@@ -630,10 +630,13 @@ escaping HTML.
    If you are looking for a more robust solution, take a look at the `bleach`_
    Python library.

    .. _bleach: https://pypi.python.org/pypi/bleach

.. function:: remove_tags(value, tags)

    .. deprecated:: 1.8

        ``remove_tags()`` cannot guarantee HTML safe output and has been
        deprecated due to security concerns. Consider using `bleach`_ instead.

    Removes a space-separated list of [X]HTML tag names from the output.

    Absolutely NO guarantee is provided about the resulting string being HTML
@@ -656,6 +659,7 @@ escaping HTML.
    the return value will be ``"<B>Joel</B> <button>is</button> a slug"``.

.. _str.format: http://docs.python.org/library/stdtypes.html#str.format
.. _bleach: https://pypi.python.org/pypi/bleach

``django.utils.http``
=====================
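Review bot: ``.. _bleach: https://pypi.python.org/pypi/bleach`` appears twice in this file in the rendered diff, once at the end of the ``strip_tags()`` note and again just before ``django.utils.http``. If the first one is not among the two lines this hunk removes, docutils will report a duplicate explicit target name for ``bleach``; keep only the copy at the end of the section, which both ``strip_tags()`` and ``remove_tags()`` can reference.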
+11 −0
@@ -682,3 +682,14 @@ Using the new syntax, this becomes::

Rename this method to :meth:`~django.forms.Field.has_changed` by removing the
leading underscore. The old name will still work until Django 2.0.

``django.utils.html.remove_tags()`` and ``removetags`` template filter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

``django.utils.html.remove_tags()`` as well as the template filter
``removetags`` have been deprecated as they cannot guarantee safe output. Their
existence is likely to lead to their use in security-sensitive contexts where
they are not actually safe.

The unused and undocumented ``django.utils.html.strip_entities()`` function has
also been deprecated.
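Review bot: this release note says what is deprecated but not what to migrate to, unlike the warning text and the reference docs in the same commit, which both point at bleach. Add a sentence here such as "Consider using the bleach_ library instead." with the same link target used in the reference docs, since release notes are where upgraders look first.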