Mercurial > kallithea
comparison setup.py @ 8307:e965ff6f8cb3
setup: avoid bleach 3.1.4 for now - it seems to deliberately cause regressions
See https://github.com/mozilla/bleach/blob/master/CHANGES and
https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69
... which adds xfails for use cases similar to how we use bleach.
It would completely remove style attributes instead of dropping bad parts of
them, as shown by the markup_renderer.py doctest it made fail:
>>> MarkupRenderer.render('''<img id="a" style="margin-top:-1000px;color:red" src="http://example.com/test.jpg">''', '.md')
Expected:
'<p><img id="a" src="http://example.com/test.jpg" style="color: red;"></p>'
Got:
'<p><img id="a" src="http://example.com/test.jpg" style=""></p>'
Until a better solution is found, stick to 3.1.3 and accept the potential
ReDoS.
| author | Mads Kiilerich <mads@kiilerich.com> |
|---|---|
| date | Thu, 26 Mar 2020 18:12:52 +0100 |
| parents | 1e0632b6ec27 |
| children | 65b0d79ff293 |
comparison
equal
deleted
inserted
replaced
| 8306:86f22a1fe48c | 8307:e965ff6f8cb3 |
|---|---|
| 64 "Routes >= 2.0, < 2.5", | 64 "Routes >= 2.0, < 2.5", |
| 65 "dulwich >= 0.19.0, < 0.20", | 65 "dulwich >= 0.19.0, < 0.20", |
| 66 "mercurial >= 5.2, < 5.4", | 66 "mercurial >= 5.2, < 5.4", |
| 67 "decorator >= 4.2.1, < 4.5", | 67 "decorator >= 4.2.1, < 4.5", |
| 68 "Paste >= 2.0.3, < 3.4", | 68 "Paste >= 2.0.3, < 3.4", |
| 69 "bleach >= 3.0, < 3.2", | 69 "bleach >= 3.0, < 3.1.4", |
| 70 "Click >= 7.0, < 8", | 70 "Click >= 7.0, < 8", |
| 71 "ipaddr >= 2.2.0, < 2.3", | 71 "ipaddr >= 2.2.0, < 2.3", |
| 72 "paginate >= 0.5, < 0.6", | 72 "paginate >= 0.5, < 0.6", |
| 73 "paginate_sqlalchemy >= 0.3.0, < 0.4", | 73 "paginate_sqlalchemy >= 0.3.0, < 0.4", |
| 74 "bcrypt >= 3.1.0, < 3.2", | 74 "bcrypt >= 3.1.0, < 3.2", |