#36499: strip_tags() fails with patched Python versions due to HTMLParser EOF
behavior change
---------------------------+------------------------------------
     Reporter:  MeggyCal   |                    Owner:  (none)
         Type:  Bug        |                   Status:  new
    Component:  Utilities  |                  Version:  5.2
     Severity:  Normal     |               Resolution:
     Keywords:             |             Triage Stage:  Accepted
    Has patch:  0          |      Needs documentation:  0
  Needs tests:  0          |  Patch needs improvement:  0
Easy pickings:  0          |                    UI/UX:  0
---------------------------+------------------------------------
Changes (by Clifford Gama):

 * cc: Clifford Gama (added)
 * component:  Uncategorized => Utilities
 * stage:  Unreviewed => Accepted
 * summary:
     CPython might have introduced a change of behaviour in their fix for
     https://github.com/python/cpython/issues/135462
     =>
     strip_tags() fails with patched Python versions due to HTMLParser EOF
     behavior change

Comment:

 Thanks for the report! I managed to reproduce against the main Python
 [https://github.com/cliff688/cpython/commit/e18829a8adb3a64ffffffbd7dcada3c3611522b0 e18829a8]
 branch. Since
 [https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 the commit]
 ([https://github.com/python/cpython/pull/135464 gh-135462])
 was backported to Python versions currently supported by Django, I think
 we can accept this on the basis that Django needs to make a decision. I
 think the issue is that an unterminated tag is now being discarded. In the
 case of the failing tests these are `"<a<a..."` and `"<&&&...&D"` and the
 first `"<sc"` in `"<sc<!-- -->ript>test<<!-- -->/script>"`.

 I see two ways we may handle this:
 1. Adjust `strip_tags()` to preserve pre-3.13 behavior, ensuring
 consistency, or
 2. Update tests, and possibly note the behavioral shift in docs, although
 the latter may not be necessary as the changed behaviour was not
 documented.

 (FWIW, the associated issue that introduced the commit in Python was
 marked as a security issue.)
-- 
Ticket URL: <https://code.djangoproject.com/ticket/36499#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
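
A probe for the behaviour described in the comment above, added here as an example and not code from Django or CPython: it reports whether the running interpreter's `HTMLParser` discards an unterminated tag at EOF. `TextCollector`, `collect_text`, `discards_unterminated_tag` and the `"x<a"` probe input are names and values assumed for this example.

```python
from html.parser import HTMLParser


class TextCollector(HTMLParser):
    """Hypothetical helper: keeps character data and references, drops tags."""

    def __init__(self):
        # convert_charrefs=False so references arrive via their own handlers.
        super().__init__(convert_charrefs=False)
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)

    def handle_entityref(self, name):
        self.chunks.append(f"&{name};")

    def handle_charref(self, name):
        self.chunks.append(f"&#{name};")


def collect_text(value):
    """Feed value, signal EOF with close(), return the text the parser kept."""
    parser = TextCollector()
    parser.feed(value)
    parser.close()  # EOF handling is where the two behaviours diverge
    return "".join(parser.chunks)


def discards_unterminated_tag(probe="x<a"):
    """True if this interpreter drops an unterminated tag at EOF.

    The default probe is a constructed input, not one of Django's test strings.
    """
    return "<a" not in collect_text(probe)


if __name__ == "__main__":
    import sys

    print("Python", sys.version.split()[0])
    print("unterminated tag discarded at EOF:", discards_unterminated_tag())
    # Complete string quoted in the ticket comment above.
    sample = "<sc<!-- -->ript>test<<!-- -->/script>"
    print(repr(sample), "->", repr(collect_text(sample)))
```

Running it under each interpreter in a CI matrix shows which builds carry the backported change before any sanitizer test is compared against expected output.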
