Mercurial > kallithea
view MANIFEST.in @ 8307:e965ff6f8cb3
setup: avoid bleach 3.1.4 for now - it seems to deliberately cause regressions
See https://github.com/mozilla/bleach/blob/master/CHANGES and
https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69
... which adds xfails for use cases similar to how we use bleach.
It would completely remove style attributes instead of dropping bad parts of
them, as shown by the markup_renderer.py doctest it made fail:
>>> MarkupRenderer.render('''<img id="a" style="margin-top:-1000px;color:red" src="http://example.com/test.jpg">''', '.md')
Expected:
'<p><img id="a" src="http://example.com/test.jpg" style="color: red;"></p>'
Got:
'<p><img id="a" src="http://example.com/test.jpg" style=""></p>'
Until a better solution is found, stick to 3.1.3 and accept the potential
ReDoS.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Thu, 26 Mar 2020 18:12:52 +0100 |
parents | ddfecf9fe7f2 |
children | 97c5e6ac5c75 |
line wrap: on
line source
include .coveragerc include Apache-License-2.0.txt include CONTRIBUTORS include COPYING include Jenkinsfile include LICENSE-MERGELY.html include LICENSE.md include MIT-Permissive-License.txt include README.rst include conftest.py include dev_requirements.txt include development.ini include pytest.ini include requirements.txt include tox.ini recursive-include docs * recursive-include init.d * recursive-include kallithea/alembic * include kallithea/bin/ldap_sync.conf include kallithea/lib/paster_commands/template.ini.mako recursive-include kallithea/front-end * recursive-include kallithea/i18n * recursive-include kallithea/public * recursive-include kallithea/templates * recursive-include kallithea/tests/fixtures * recursive-include kallithea/tests/scripts * include kallithea/tests/models/test_dump_html_mails.ref.html include kallithea/tests/performance/test_vcs.py include kallithea/tests/vcs/aconfig recursive-include scripts *