From da1ba5fd79c28f0643a1eb0ce18feb51dfe4a499 Mon Sep 17 00:00:00 2001
From: Chris Khoo
Date: Sun, 4 Nov 2012 16:55:29 +1000
Subject: [PATCH] Fixed #19237 - The use of > in single or double quoted attributes in strip_tags Updated strip_tags & added tests
---
 django/utils/html.py | 4 ++--
 tests/regressiontests/utils/html.py | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/django/utils/html.py b/django/utils/html.py
index 9816b9accb7fc..673cfd752a9d1 100644
--- a/django/utils/html.py
+++ b/django/utils/html.py
@@ -33,7 +33,7 @@ html_gunk_re = re.compile(r'(?:
|<\/i>|<\/b>|<\/em>|<\/strong>|<\/?smallcaps>|<\/?uppercase>)', re.IGNORECASE) hard_coded_bullets_re = re.compile(r'((?:

(?:%s).*?[a-zA-Z].*?

\s*)+)' % '|'.join([re.escape(x) for x in DOTS]), re.DOTALL) trailing_empty_content_re = re.compile(r'(?:

(?: |\s|
)*?

\s*)+\Z') - +strip_tags_re = re.compile(r'])*?>', re.IGNORECASE) def escape(text): """ @@ -117,7 +117,7 @@ def linebreaks(value, autoescape=False): def strip_tags(value): """Returns the given HTML with all tags stripped.""" - return re.sub(r'<[^>]*?>', '', force_text(value)) + return strip_tags_re.sub('', force_text(value)) strip_tags = allow_lazy(strip_tags) def remove_tags(html, tags): diff --git a/tests/regressiontests/utils/html.py b/tests/regressiontests/utils/html.py index 6a93dff85e073..a0226c47657f1 100644 --- a/tests/regressiontests/utils/html.py +++ b/tests/regressiontests/utils/html.py @@ -65,6 +65,9 @@ def test_strip_tags(self): ('b', 'b'), + ('a
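Review bot: The added `strip_tags_re` line carries no comment saying what it is meant to match, and its body is cut off in this rendering, so its cost on malformed input cannot be judged from the page. If the full pattern repeats a group that itself contains `*` under the trailing lazy `*?`, a long value with an opening `<` and no closing `>` could backtrack heavily; a timing test on such an input before merging would settle it. I would add above the line `# Matches one tag, allowing '>' inside quoted attribute values (#19237).`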
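Review bot: The docstring of `strip_tags` still promises "all tags stripped", which the regex cannot guarantee: the visible tail of the new pattern requires a closing `>`, so a `<` that is never closed stays in the output. Callers that mark the result as safe markup would be relying on more than the function delivers. I would reword it to `"""Returns the given HTML with tags removed by regex; the result is not guaranteed to be HTML-safe and must still be escaped."""`.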

b

c', 'abc'), + ('a

b

c', 'abc'), + ('de

f', 'def'), ) for value, output in items: self.check_output(f, value, output)
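Review bot: The three added cases in `items` all expect a clean strip, so the tests pin only the well-formed inputs from the ticket. There is no case for an attribute whose quote is never closed, for a `<` with no closing `>`, or for a long input that checks the new pattern finishes quickly; those are the inputs where a quote-aware regex most often changes behaviour. The inputs are partly lost in this rendering, so this is read from the expected outputs `'abc'` and `'def'`. `test_strip_tags` begins above the hunk.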