[Python-checkins] bpo-35603: Add a note on difflib table header interpreted as HTML (GH-11439)

Julien Palard webhook-mailer at python.org
Wed Sep 11 07:21:34 EDT 2019


https://github.com/python/cpython/commit/c78dae8d2b890d487e428dce00c7f600612cce7b
commit: c78dae8d2b890d487e428dce00c7f600612cce7b
branch: master
author: Xtreak <tir.karthi at gmail.com>
committer: Julien Palard <julien at palard.fr>
date: 2019-09-11T13:21:30+02:00
summary:

bpo-35603: Add a note on difflib table header interpreted as HTML (GH-11439)

files:
M Doc/library/difflib.rst

diff --git a/Doc/library/difflib.rst b/Doc/library/difflib.rst
index e245ab81cfb9..c2a19dc019bb 100644
--- a/Doc/library/difflib.rst
+++ b/Doc/library/difflib.rst
@@ -127,6 +127,10 @@ diffs. For comparing directories and files, see also, the :mod:`filecmp` module.
       the next difference highlight at the top of the browser without any leading
       context).
 
+      .. note::
+         *fromdesc* and *todesc* are interpreted as unescaped HTML and should be
+         properly escaped while receiving input from untrusted sources.
+
       .. versionchanged:: 3.5
          *charset* keyword-only argument was added.  The default charset of
          HTML document changed from ``'ISO-8859-1'`` to ``'utf-8'``.
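Review bot: The new note at the top of the hunk should name the concrete escaping helper and tighten its wording. "should be properly escaped while receiving input from untrusted sources" leaves the reader to guess which function to call; suggest "*fromdesc* and *todesc* are inserted into the generated HTML without escaping; pass them through :func:`html.escape` when they come from untrusted sources." A reader who sees only "properly escaped" may reach for an ad-hoc replace of `<` and `>` and miss attribute quoting, which `html.escape` handles with its default `quote=True`.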
