Commit f108b1f7 authored by Claude Paroz's avatar Claude Paroz
Browse files

[1.4.x] Clarified striptags documentation 

The fact that striptags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:
https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/

Partial backport (doc-only) of 6ca6c36f from master.
parent b8713ee6

docs/ref/templates/builtins.txt

+11 −1
Original line number Diff line number Diff line
@@ -1988,7 +1988,7 @@ If ``value`` is ``"Joel is a slug"``, the output will be ``"Joel is a slug"``. 
striptags

^^^^^^^^^



Strips all [X]HTML tags.

Makes all possible efforts to strip all [X]HTML tags.



For example::
@@ -1997,6 +1997,16 @@ For example:: 
If ``value`` is ``"<b>Joel</b> <button>is</button> a <span>slug</span>"``, the

output will be ``"Joel is a slug"``.



.. admonition:: No safety guarantee



    Note that ``striptags`` doesn't give any guarantee about its output being

    entirely HTML safe, particularly with non valid HTML input. So **NEVER**

    apply the ``safe`` filter to a ``striptags`` output.

    If you are looking for something more robust, you can use the ``bleach``

    Python library, notably its `clean`_ method.



.. _clean: http://bleach.readthedocs.org/en/latest/clean.html



.. templatefilter:: time



time