Change History (5)
comment:1 by , 4 weeks ago
comment:3 by , 4 weeks ago
From https://docs.python.org/release/3.13.6/whatsnew/changelog.html#python-3-13-6 :
Security gh-135661: Fix parsing start and end tags in html.parser.HTMLParser according to the HTML5 standard. Whitespaces no longer accepted between </ and the tag name. E.g. </ script> does not end the script section. Vertical tabulation (\v) and non-ASCII whitespaces no longer recognized as whitespaces. The only whitespaces are \t\n\r\f and space. Null character (U+0000) no longer ends the tag name. Attributes and slashes after the tag name in end tags are now ignored, instead of terminating after the first > in quoted attribute value. E.g. </script/foo=">"/>. Multiple slashes and whitespaces between the last attribute and closing > are now ignored in both start and end tags. E.g. <a foo=bar/ //>. Multiple = between attribute name and value are no longer collapsed. E.g. <a foo==bar> produces attribute “foo” with value “=bar”. gh-102555: Fix comment parsing in html.parser.HTMLParser according to the HTML5 standard. --!> now ends the comment. -- > no longer ends the comment. Support abnormally ended empty comments <--> and <--->. gh-135462: Fix quadratic complexity in processing specially crafted input in html.parser.HTMLParser. End-of-file errors are now handled according to the HTML5 specs – comments and declarations are automatically closed, tags are ignored. gh-118350: Fix support of escapable raw text mode (elements “textarea” and “title”) in html.parser.HTMLParser.
comment:4 by , 4 weeks ago
Priority: | normal → high |
---|
Note:
See TracTickets
for help on using tickets.
3.13.6 is the sixth maintenance release of 3.13, containing around 200 bugfixes, build improvements and documentation changes since 3.13.5.