bpo-35603: Add a note on difflib table header interpreted as HTML (GH-11439)

author: Xtreak <tir.karthi@gmail.com> 2019-09-11 11:21:31 (GMT)
committer: Julien Palard <julien@palard.fr> 2019-09-11 11:21:30 (GMT)
commit: c78dae8d2b890d487e428dce00c7f600612cce7b (patch)
tree: 5d4e2d42636dfd5ab192a5bb8d455509ea6d9e03 /Doc/library
parent: 2d7cacacc310b65b43e7e2de89e7722291dea6a4 (diff)
download: cpython-c78dae8d2b890d487e428dce00c7f600612cce7b.zip
cpython-c78dae8d2b890d487e428dce00c7f600612cce7b.tar.gz
cpython-c78dae8d2b890d487e428dce00c7f600612cce7b.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/Doc/library/difflib.rst b/Doc/library/difflib.rst
index e245ab8..c2a19dc 100644
--- a/Doc/library/difflib.rst
+++ b/Doc/library/difflib.rst
@@ -127,6 +127,10 @@ diffs. For comparing directories and files, see also, the :mod:`filecmp` module.
       the next difference highlight at the top of the browser without any leading
       context).
 
+      .. note::
+         *fromdesc* and *todesc* are interpreted as unescaped HTML and should be
+         properly escaped while receiving input from untrusted sources.
+
       .. versionchanged:: 3.5
          *charset* keyword-only argument was added.  The default charset of
          HTML document changed from ``'ISO-8859-1'`` to ``'utf-8'``.
author	Xtreak <tir.karthi@gmail.com>	2019-09-11 11:21:31 (GMT)
committer	Julien Palard <julien@palard.fr>	2019-09-11 11:21:30 (GMT)
commit	c78dae8d2b890d487e428dce00c7f600612cce7b (patch)
tree	5d4e2d42636dfd5ab192a5bb8d455509ea6d9e03 /Doc/library
parent	2d7cacacc310b65b43e7e2de89e7722291dea6a4 (diff)
download	cpython-c78dae8d2b890d487e428dce00c7f600612cce7b.zip cpython-c78dae8d2b890d487e428dce00c7f600612cce7b.tar.gz cpython-c78dae8d2b890d487e428dce00c7f600612cce7b.tar.bz2