[Python-checkins] bpo-35603: Add a note on difflib table header interpreted as HTML (GH-11439)
Miss Islington (bot)
webhook-mailer at python.org
Wed Sep 11 08:24:58 EDT 2019
https://github.com/python/cpython/commit/44e36e80456dabaeb59c6e2a93e0c1322bfeb179
commit: 44e36e80456dabaeb59c6e2a93e0c1322bfeb179
branch: 3.8
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2019-09-11T05:24:55-07:00
summary:
bpo-35603: Add a note on difflib table header interpreted as HTML (GH-11439)
(cherry picked from commit c78dae8d2b890d487e428dce00c7f600612cce7b)
Co-authored-by: Xtreak <tir.karthi at gmail.com>
files:
M Doc/library/difflib.rst
diff --git a/Doc/library/difflib.rst b/Doc/library/difflib.rst
index e245ab81cfb9..c2a19dc019bb 100644
--- a/Doc/library/difflib.rst
+++ b/Doc/library/difflib.rst
@@ -127,6 +127,10 @@ diffs. For comparing directories and files, see also, the :mod:`filecmp` module.
the next difference highlight at the top of the browser without any leading
context).
+ .. note::
+ *fromdesc* and *todesc* are interpreted as unescaped HTML and should be
+ properly escaped while receiving input from untrusted sources.
+
.. versionchanged:: 3.5
*charset* keyword-only argument was added. The default charset of
HTML document changed from ``'ISO-8859-1'`` to ``'utf-8'``.
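Review bot: The new note says *fromdesc* and *todesc* "should be properly escaped" but does not say how, and "while receiving input from untrusted sources" reads as if escaping depends on when the value arrives rather than where it comes from. Suggest naming the standard-library helper and tightening the wording, for example: "*fromdesc* and *todesc* are inserted as unescaped HTML; escape them with :func:`html.escape` when they come from untrusted sources." If these two arguments are also documented for another method elsewhere in this file, the note should be repeated or cross-referenced there so the warning is not tied to this one entry.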