{"id":9665,"library":"django-bleach","title":"django-bleach","description":"django-bleach is a Django package that provides easy integration of the bleach HTML sanitization library with Django models and templates. It offers model fields and template filters to clean user-supplied HTML, preventing XSS vulnerabilities. The current version is 3.1.0, with a release cadence that generally follows Django and `bleach` updates, releasing new major versions for significant dependency bumps or framework compatibility changes.","status":"active","version":"3.1.0","language":"en","source_language":"en","source_url":"https://github.com/marksweb/django-bleach","tags":["django","bleach","html-sanitizer","security","xss"],"install":[{"cmd":"pip install django-bleach","lang":"bash","label":"Install latest version"}],"dependencies":[{"reason":"Framework integration for Django applications.","package":"Django","optional":false},{"reason":"Core HTML sanitization library.","package":"bleach","optional":false}],"imports":[{"symbol":"BleachHTMLField","correct":"from django_bleach.models import BleachHTMLField"},{"note":"The model field is in `django_bleach.models`, not `django_bleach.fields`.","wrong":"from django_bleach.fields import BleachField","symbol":"BleachField (Model)","correct":"from django_bleach.models import BleachField"},{"note":"The form field `BleachField` is distinct from the model field and is imported from `django_bleach.forms`.","wrong":"from django_bleach.models import BleachField","symbol":"BleachField (Form)","correct":"from django_bleach.forms import BleachField"}],"quickstart":{"code":"from django.db import models\nfrom django_bleach.models import BleachHTMLField\n\n# Global defaults are Django settings in settings.py (django-bleach reads Django settings, not environment variables), e.g.:\n# BLEACH_ALLOWED_TAGS = ['p', 'a', 'strong', 'em']\n# BLEACH_ALLOWED_ATTRIBUTES = {'a': ['href', 'title']}\n# The per-field arguments below override those global defaults.\n\nclass Article(models.Model):\n    title = models.CharField(max_length=200)\n    # Use BleachHTMLField for content that might contain HTML\n    content = BleachHTMLField(\n        blank=True,\n        null=True,\n        # Field-specific allow-lists override the global BLEACH_* settings\n        allowed_tags=['p', 'a', 'h1', 'h2', 'strong', 'em', 'img'],\n        allowed_attributes={'a': ['href', 'title'], 'img': ['alt', 'src']},\n        strip_tags=False,  # Disallowed tags are escaped rather than dropped (default is False)\n        strip_comments=True,  # Strip HTML comments (default is True)\n    )\n\n    def __str__(self):\n        return self.title\n\n# Example usage (after creating and migrating the model):\n# article = Article.objects.create(title='My Article', content='<h1>Hello</h1><p>This is <strong>safe</strong> content.</p><script>alert(\"XSS!\")</script>')\n# print(article.content)\n# With strip_tags=False the <script> element is escaped to inert text (&lt;script&gt;...&lt;/script&gt;) rather than executed;\n# set strip_tags=True to drop disallowed tags entirely.","lang":"python","description":"This quickstart demonstrates how to define a `BleachHTMLField` in a Django model. The field automatically sanitizes any HTML input based on the `allowed_tags` and `allowed_attributes` passed to its constructor, falling back to the global `BLEACH_ALLOWED_TAGS` and `BLEACH_ALLOWED_ATTRIBUTES` settings in `settings.py`. Explicitly define which HTML elements and attributes are permitted to prevent Cross-Site Scripting (XSS) vulnerabilities; note that with `strip_tags=False` disallowed markup is escaped to text rather than removed, so the output is inert but not empty."},"warnings":[{"fix":"Review `bleach` 5.x release notes (on PyPI or GitHub) for any changes relevant to your existing `django-bleach` configuration. Adjust `BLEACH_ALLOWED_TAGS`, `BLEACH_ALLOWED_ATTRIBUTES`, or custom logic in `settings.py` or field definitions as needed.","message":"`django-bleach` version 3.0.0 updated its core `bleach` dependency to require `bleach>=5.0.0`. If you are upgrading from an older `django-bleach` version, ensure your existing `bleach` configurations (e.g., `BLEACH_ALLOWED_TAGS`, `BLEACH_ALLOWED_ATTRIBUTES`, or custom callbacks) are compatible with `bleach` 5.x, as `bleach` itself may have breaking changes or behavioral differences.","severity":"breaking","affected_versions":"3.0.0+"},{"fix":"Before upgrading to `django-bleach` 2.x or later, ensure your project's Python environment is 3.8 or newer, and your Django version is 3.2 or newer. Upgrade your project's dependencies accordingly.","message":"`django-bleach` version 2.0.0 dropped support for older Python and Django versions. Specifically, it now requires Python `>=3.8` and Django `>=3.2`. Attempting to install or run `django-bleach` 2.x or later on incompatible environments will result in errors.","severity":"breaking","affected_versions":"2.0.0+"},{"fix":"Always explicitly define `BLEACH_ALLOWED_TAGS` and `BLEACH_ALLOWED_ATTRIBUTES` in your `settings.py` for global defaults. For fields requiring different rules, override these settings directly in the `BleachHTMLField` or `BleachField` constructor. Test your sanitization thoroughly to ensure both functionality and security.","message":"Improper configuration of allowed HTML tags and attributes can lead to either over-stripping of desired HTML content or insufficient sanitization, potentially introducing security vulnerabilities (e.g., XSS). The default global settings might not be appropriate for all use cases, and field-specific overrides are critical.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-17T00:00:00.000Z","next_check":"2026-07-16T00:00:00.000Z","problems":[{"fix":"For model fields, use `from django_bleach.models import BleachField` or `from django_bleach.models import BleachHTMLField`. For form fields, use `from django_bleach.forms import BleachField`.","cause":"Attempting to import the `BleachField` model field from an incorrect or outdated module path. The model fields `BleachField` and `BleachHTMLField` are located in `django_bleach.models`, while the form field `BleachField` is in `django_bleach.forms`.","error":"ImportError: cannot import name 'BleachField' from 'django_bleach.fields'"},{"fix":"Verify that all desired HTML tags are listed in `BLEACH_ALLOWED_TAGS`. For attributes, ensure they are explicitly listed for their respective tags in `BLEACH_ALLOWED_ATTRIBUTES` (e.g., `{'a': ['href', 'title']}`). If using a `BleachHTMLField`, check the `allowed_tags` and `allowed_attributes` arguments passed to its constructor.","cause":"The `BLEACH_ALLOWED_TAGS` or `BLEACH_ALLOWED_ATTRIBUTES` settings (either global in `settings.py` or field-specific) do not include the tags or attributes you expect to be retained. By default, `bleach` escapes or strips anything not explicitly allowed.","error":"HTML content is unexpectedly stripped, or certain tags/attributes are removed."}]}