13476c844d
For public-facing HTML content provided by the user, `<style>` tags and `style` attributes should be stripped automatically, as they can easily be abused to deface pages for abusive users and spammers. <style> tags were already stripped, the optional `strip_style` for fields.html enables the automatic stripping of style attributes. This is opt-in because custom style attributes are still desirable in trusted HTML fields. |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| expression.py | ||
| fields.py | ||
| orm.py | ||
| osv.py | ||
| query.py | ||