[1.4.x] Clarified striptags documentation

The fact that striptags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:

Partial backport (doc-only) of 6ca6c36 from master.
1 parent b8713ee commit f108b1f7d79526fb2fc0a6ff212744cffb399d15 @claudep claudep committed Mar 22, 2014
Showing with 11 additions and 1 deletion.
  1. +11 −1 docs/ref/templates/builtins.txt
12 docs/ref/templates/builtins.txt
@@ -1988,7 +1988,7 @@ If ``value`` is ``"Joel is a slug"``, the output will be ``"Joel is a slug"``.
-Strips all [X]HTML tags.
+Makes all possible efforts to strip all [X]HTML tags.
For example::
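Review bot: In the replacement summary line, "Makes all possible efforts to strip all [X]HTML tags" weakens the claim without telling the reader what can go wrong or where to look. Consider wording such as "Makes a best effort to strip [X]HTML tags; the output is not guaranteed to be HTML safe", so that a reader who only reads the first sentence of the filter description still sees the limitation.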
@@ -1997,6 +1997,16 @@ For example::
If ``value`` is ``"<b>Joel</b> <button>is</button> a <span>slug</span>"``, the
output will be ``"Joel is a slug"``.
+.. admonition:: No safety guarantee
+ Note that ``striptags`` doesn't give any guarantee about its output being
+ entirely HTML safe, particularly with non valid HTML input. So **NEVER**
+ apply the ``safe`` filter to a ``striptags`` output.
+ If you are looking for something more robust, you can use the ``bleach``
+ Python library, notably its `clean`_ method.
+.. _clean:
.. templatefilter:: time
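Review bot: The admonition only says what not to do ("NEVER apply the ``safe`` filter"); it should also state the positive rule that ``striptags`` output must still be treated as untrusted text and left to autoescaping like any other value. Two smaller points in the same block: "non valid HTML input" reads better as "invalid HTML input", and the ``.. _clean:`` target as shown here carries no URL, so the `clean`_ reference in the sentence above it would not resolve; please check that the link target is present in the committed file.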
