#30686: Improve utils.text.Truncator &co to use a full HTML parser.
-------------------------------------+-------------------------------------
     Reporter:  Thomas Hooper        |                    Owner:  David
                                     |  Smith
         Type:  Bug                  |                   Status:  closed
    Component:  Utilities            |                  Version:  dev
     Severity:  Normal               |               Resolution:  fixed
     Keywords:                       |             Triage Stage:  Ready for
                                     |  checkin
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Comment (by Jacob Walls <jacobtylerwalls@…>):

 In [changeset:"b40cfc6052ced26dcd8166a58ea6f841d0d2cac8" b40cfc60]:
 {{{#!CommitTicketReference repository=""
 revision="b40cfc6052ced26dcd8166a58ea6f841d0d2cac8"
 [4.2.x] Fixed CVE-2026-1285 -- Mitigated potential DoS in
 django.utils.text.Truncator for HTML input.

 The `TruncateHTMLParser` used `deque.remove()` to remove tags from the
 stack when processing end tags. With crafted input containing many
 unmatched end tags, this caused repeated full scans of the tag stack,
 leading to quadratic time complexity.

 The fix uses LIFO semantics, only removing a tag from the stack when it
 matches the most recently opened tag. This avoids linear scans for
 unmatched end tags and reduces complexity to linear time.

 Refs #30686 and 6ee37ada3241ed263d8d1c2901b030d964cbd161.

 Thanks Seokchan Yoon for the report.

 Backport of a33540b3e20b5d759aa8b2e4b9ca0e8edd285344 from main.
 }}}
-- 
Ticket URL: <https://code.djangoproject.com/ticket/30686#comment:43>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
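As an added illustration (not Django's code and not part of the ticket), the following simplified model of the parser's open-tag stack contrasts the two strategies the commit message describes: a `deque.remove()` scan for every end tag versus a LIFO match against the innermost open tag only. The `TagStack`/`stack_cost` names and the "elements examined" cost model are assumptions of this example.

```python
from collections import deque
from html.parser import HTMLParser


class TagStack:
    """Model of an open-tag stack (assumed shape, not Django's implementation).

    lifo=False: pre-fix behaviour, deque.remove() scans from the left until it
                finds the tag; an unmatched end tag scans the whole stack.
    lifo=True:  fixed behaviour, only the innermost open tag can be closed.
    """

    def __init__(self, lifo: bool):
        self.lifo = lifo
        self.stack = deque()
        self.scanned = 0  # stack elements examined so far (cost model)

    def open(self, tag: str) -> None:
        self.stack.append(tag)

    def close(self, tag: str) -> None:
        if self.lifo:
            self.scanned += 1  # one comparison against the top, O(1)
            if self.stack and self.stack[-1] == tag:
                self.stack.pop()
            return
        try:
            idx = self.stack.index(tag)  # same left-to-right scan as remove()
        except ValueError:
            self.scanned += len(self.stack)  # full scan, nothing removed
            return
        self.scanned += idx + 1
        self.stack.remove(tag)


class StackTracer(HTMLParser):
    """Feeds start/end tags from real HTML into the modelled stack."""

    def __init__(self, lifo: bool):
        super().__init__()
        self.tags = TagStack(lifo)

    def handle_starttag(self, tag, attrs):
        self.tags.open(tag)

    def handle_endtag(self, tag):
        self.tags.close(tag)


def stack_cost(html: str, lifo: bool):
    """Return (elements examined, remaining open tags) for the given HTML."""
    parser = StackTracer(lifo)
    parser.feed(html)
    parser.close()
    return parser.tags.scanned, list(parser.tags.stack)
```

Feeding a constructed input of `n` open `<p>` tags followed by `n` unmatched `</b>` tags shows the difference directly: the scan model examines `n * n` elements, the LIFO model only `n`, while both leave the same open tags on the stack.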
