bpo-35603: Add a note on difflib table header interpreted as HTML (GH-11439)

author Xtreak <tir.karthi@gmail.com>

Wed, 11 Sep 2019 11:21:31 +0000 (12:21 +0100)

committer Julien Palard <julien@palard.fr>

Wed, 11 Sep 2019 11:21:30 +0000 (13:21 +0200)
author Xtreak <tir.karthi@gmail.com>
Wed, 11 Sep 2019 11:21:31 +0000 (12:21 +0100)
committer Julien Palard <julien@palard.fr>
Wed, 11 Sep 2019 11:21:30 +0000 (13:21 +0200)
diff --git a/Doc/library/difflib.rst b/Doc/library/difflib.rst

index e245ab81cfb9496f6a0b5e941bb4691ecea18470..c2a19dc019bb3792c60475cbdd9a910a29c41938 100644 (file)
--- a/Doc/library/difflib.rst
+++ b/Doc/library/difflib.rst
@@ -127,6 +127,10 @@ diffs. For comparing directories and files, see also, the :mod:`filecmp` module.
        the next difference highlight at the top of the browser without any leading
        context).
  
+      .. note::
+         *fromdesc* and *todesc* are interpreted as unescaped HTML and should be
+         properly escaped while receiving input from untrusted sources.
+
        .. versionchanged:: 3.5
           *charset* keyword-only argument was added.  The default charset of
           HTML document changed from ``'ISO-8859-1'`` to ``'utf-8'``.
author	Xtreak <tir.karthi@gmail.com>
	Wed, 11 Sep 2019 11:21:31 +0000 (12:21 +0100)
committer	Julien Palard <julien@palard.fr>
	Wed, 11 Sep 2019 11:21:30 +0000 (13:21 +0200)