From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Date: Wed, 11 Sep 2019 12:24:55 +0000 (-0700) Subject: bpo-35603: Add a note on difflib table header interpreted as HTML (GH-11439) X-Git-Tag: v3.8.0rc1~195 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=44e36e80456dabaeb59c6e2a93e0c1322bfeb179;p=thirdparty%2FPython%2Fcpython.git bpo-35603: Add a note on difflib table header interpreted as HTML (GH-11439) (cherry picked from commit c78dae8d2b890d487e428dce00c7f600612cce7b) Co-authored-by: Xtreak --- diff --git a/Doc/library/difflib.rst b/Doc/library/difflib.rst index e245ab81cfb9..c2a19dc019bb 100644 --- a/Doc/library/difflib.rst +++ b/Doc/library/difflib.rst @@ -127,6 +127,10 @@ diffs. For comparing directories and files, see also, the :mod:`filecmp` module. the next difference highlight at the top of the browser without any leading context). + .. note:: + *fromdesc* and *todesc* are interpreted as unescaped HTML and should be + properly escaped while receiving input from untrusted sources. + .. versionchanged:: 3.5 *charset* keyword-only argument was added. The default charset of HTML document changed from ``'ISO-8859-1'`` to ``'utf-8'``.
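Review bot: The added note in the `@@ -127,6 +127,10 @@` hunk tells the reader to escape *fromdesc* and *todesc* but does not say how, and "while receiving input from untrusted sources" reads as if the escaping were tied to the moment of input rather than to the values themselves. Suggest naming the standard helper and tightening the wording, for example: "*fromdesc* and *todesc* are inserted into the output as unescaped HTML; pass them through :func:`html.escape` when they come from untrusted sources." The commit subject says the values land in the table header, so stating that in the note would also tell readers where the markup ends up. Finally, the note sits directly above the ``versionchanged:: 3.5`` entry for *charset*, so it is worth confirming that any other method in this file that accepts *fromdesc* and *todesc* carries the same warning or a cross-reference to this one.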