From 34af73de337138eeab71ea969433226dc03ab9d6 Mon Sep 17 00:00:00 2001 From: Anand Doshi Date: Thu, 25 Feb 2016 15:06:54 +0530 Subject: [PATCH 1/2] [hotfix] Additional whitelist tags in sanitize_html --- frappe/utils/__init__.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/frappe/utils/__init__.py b/frappe/utils/__init__.py index f22a0c782c..93f16d054c 100644 --- a/frappe/utils/__init__.py +++ b/frappe/utils/__init__.py @@ -410,9 +410,12 @@ def sanitize_html(html): elif is_json(html): return html + whitelisted_tags = (HTMLSanitizer.acceptable_elements + HTMLSanitizer.svg_elements + + ["html", "head", "meta", "link", "body", "iframe", "style", "o:p"]) + # retuns html with escaped tags, escaped orphan >, <, etc. escaped_html = bleach.clean(html, - tags=HTMLSanitizer.acceptable_elements + HTMLSanitizer.svg_elements + ["iframe"], + tags=whitelisted_tags, attributes={"*": HTMLSanitizer.acceptable_attributes, "svg": HTMLSanitizer.svg_attributes}, styles=bleach_whitelist.all_styles, strip_comments=False) From eaa9ac87a7571513f4b7eb1e739be23b39126f42 Mon Sep 17 00:00:00 2001 From: Nabin Hait Date: Thu, 25 Feb 2016 15:38:35 +0600 Subject: [PATCH 2/2] bumped to version 6.24.3 --- frappe/__version__.py | 2 +- frappe/hooks.py | 2 +- setup.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/frappe/__version__.py b/frappe/__version__.py index 6ab41657bc..b915c99c00 100644 --- a/frappe/__version__.py +++ b/frappe/__version__.py @@ -1,2 +1,2 @@ from __future__ import unicode_literals -__version__ = "6.24.2" +__version__ = "6.24.3" diff --git a/frappe/hooks.py b/frappe/hooks.py index 6b52294d78..e32ea9cdff 100644 --- a/frappe/hooks.py +++ b/frappe/hooks.py 
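Review bot: Adding `style`, `link` and `meta` to `whitelisted_tags` in the `frappe/utils/__init__.py` hunk admits content that the other `bleach.clean` arguments do not constrain. `styles=bleach_whitelist.all_styles` filters inline `style` attributes only, so the text of a `<style>` element passes through unfiltered, and `<link>` keeps `href`/`rel` if those are in `HTMLSanitizer.acceptable_attributes` (likely, but not visible here), which lets a stylesheet be loaded from another origin. Because the list is built inside `sanitize_html`, every caller gets the wider allowlist, not only the one this hotfix targets. If the document-level tags are needed only for full-page or e-mail HTML, consider keeping the default at `+ ["html", "head", "body", "iframe", "o:p"])` and enabling the other three through an explicit opt-in; at minimum add a comment such as `# style/link/meta pass author-controlled CSS and metadata; render this output only where that is acceptable`. `sanitize_html` starts and ends outside the hunk, so any earlier checks on `html` cannot be assessed from here.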
@@ -5,7 +5,7 @@ app_publisher = "Frappe Technologies" app_description = "Full stack web framework with Python, Javascript, MariaDB, Redis, Node" app_icon = "octicon octicon-circuit-board" -app_version = "6.24.2" +app_version = "6.24.3" app_color = "orange" source_link = "https://github.com/frappe/frappe" app_license = "MIT" diff --git a/setup.py b/setup.py index a16583451a..8bcc4c829b 100644 --- a/setup.py +++ b/setup.py @@ -1,7 +1,7 @@ from setuptools import setup, find_packages from pip.req import parse_requirements -version = "6.24.2" +version = "6.24.3" requirements = parse_requirements("requirements.txt", session="") setup(