django-rest-framework/rest_framework
Seokchan Yoon 3b41f01241
Fix potential XSS vulnerability in break_long_headers template filter (#9435)
The header input is now properly escaped before splitting and joining with <br> tags. This prevents potential XSS attacks if the header contains unsanitized user input.
2024-06-14 10:52:02 +01:00
authtoken Remove unused code 2024-04-30 18:28:22 +02:00
locale Translations updated from transifex and compiled 2020-10-13 22:05:24 +02:00
management Add --api-version CLI option to generateschema (#8663) 2022-09-22 10:36:01 +01:00
schemas Update deprecation hints 2024-04-30 18:28:23 +02:00
static/rest_framework Improve integration with Django Debug Toolbar (#9213) 2024-03-07 10:58:59 +01:00
templates/rest_framework Use POST method instead of GET to perform logout in browsable API (#9208) 2024-02-19 23:28:04 +01:00
templatetags Fix potential XSS vulnerability in break_long_headers template filter (#9435) 2024-06-14 10:52:02 +01:00
utils Remove unused code 2024-04-30 18:28:22 +02:00
__init__.py Update deprecation hints 2024-04-30 18:28:23 +02:00
apps.py Make DEFAULT_PAGINATION_CLASS None by default. (#5170) 2017-09-25 15:36:30 +02:00
authentication.py replace partition with split in BasicAuthentication (#8790) 2022-12-08 09:52:35 +06:00
checks.py Fix punctuation in system check (#7281) 2020-04-20 16:40:05 -07:00
compat.py Remove unused code 2024-04-30 18:28:22 +02:00
decorators.py pre-commit autoupdate (#9232) 2024-01-24 22:47:46 +01:00
documentation.py Updated url()'s with path() and re_path() (#7492) 2020-08-25 13:50:02 +02:00
exceptions.py Revert "feat: Add some changes to ValidationError to support django style vad…" (#9326) 2024-03-21 17:09:43 +01:00
fields.py use warnings rather than logging a warning for DecimalField warnings (#9367) 2024-04-27 17:15:06 +06:00
filters.py Remove unused code 2024-04-30 18:28:22 +02:00
generics.py Allow generic requests, responses, fields, views (#8825) 2023-02-22 21:39:01 +06:00
metadata.py Revert #9030 (#9333) 2024-03-22 09:40:34 +01:00
mixins.py Revert "Re-prefetch related objects after updating (#8043)" (#9327) 2024-03-21 22:23:30 +00:00
negotiation.py Replaced parse_header with parse_header_parameters. (#8556) 2022-07-14 14:20:36 +02:00
pagination.py Revert "Ensure CursorPagination respects nulls in the ordering field (#8912)" (#9381) 2024-04-27 17:07:05 +06:00
parsers.py Remove unused code 2024-04-30 18:28:22 +02:00
permissions.py Add __hash__ method for permissions.OperandHolder class (#9417) 2024-06-10 12:19:06 +06:00
relations.py Replaced OrderedDict with dict (#8964) 2023-04-30 15:20:02 +06:00
renderers.py Remove unused code 2024-04-30 18:28:22 +02:00
request.py Remove unused code 2024-04-30 18:28:22 +02:00
response.py Allow generic requests, responses, fields, views (#8825) 2023-02-22 21:39:01 +06:00
reverse.py Dropped Python 2 compatibility. (#6615) 2019-04-30 17:53:44 +02:00
routers.py Use str as default path converter (#9066) 2023-08-16 20:11:50 +06:00
serializers.py Revert "Fix validation for ListSerializer (#8979)" (#9283) 2024-03-13 15:15:43 +00:00
settings.py Fix typo (#9231) 2024-01-24 23:17:01 +01:00
status.py Added http 102, 103, 421, and 425 status codes (#8350) 2022-02-03 11:57:47 +00:00
test.py Remove unused code 2024-04-30 18:28:22 +02:00
throttling.py Fix error in throttling when request.user is None (#8370) 2022-06-24 13:02:11 +01:00
urlpatterns.py Updated url()'s with path() and re_path() (#7492) 2020-08-25 13:50:02 +02:00
urls.py Replace all url() calls with path() or re_path() (#7512) 2020-09-08 15:32:27 +01:00
validators.py Avoid unnecessary unique together checking (#9154) 2024-01-26 11:36:18 +01:00
versioning.py Revert "Fix NamespaceVersioning ignoring DEFAULT_VERSION on non-None namespac…" (#9335) 2024-03-22 09:39:30 +00:00
views.py - Update the message to be consistent with the Django HttpResponseBase class. (#9287) 2024-03-17 14:22:03 +01:00
viewsets.py Replaced OrderedDict with dict (#8964) 2023-04-30 15:20:02 +06:00