Skip to content

[pull] main from django:main#470

Merged
pull[bot] merged 6 commits into
threatcode:mainfrom
django:main
Jun 24, 2026
Merged

[pull] main from django:main#470
pull[bot] merged 6 commits into
threatcode:mainfrom
django:main

Conversation

@pull

@pull pull Bot commented Jun 24, 2026

Copy link
Copy Markdown

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

…cached pages.

This prevents collisions between header values that concatenate to the same thing.
…r cached template fragments.

This algorithm used a delimiter, but because it didn't use a length,
argument values containing the delimiter could still cause collisions.
…ng on arguments.

Thanks Natalia Bidart for the review.
…tes.

`SimplerXMLGenerator` already rejected control characters (unsupported
in XML 1.0) in element content, but attribute values were written
unchecked, so unsanitized input could still produce an unparseable
XML document. The existing check now runs over attribute values in
`startElement()`. This covers both syndication feeds, where item data
may flow into attributes such as `Atom` category terms, and the XML
serializer, which wraps the error to identify the offending object.
@pull pull Bot locked and limited conversation to collaborators Jun 24, 2026
@pull pull Bot added the ⤵️ pull label Jun 24, 2026
@pull pull Bot merged commit 67c4075 into threatcode:main Jun 24, 2026
1 check failed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant