diff --git a/frappe/core/doctype/user/user.py b/frappe/core/doctype/user/user.py
index ddad3a91fb..7837c90d2b 100644
--- a/frappe/core/doctype/user/user.py
+++ b/frappe/core/doctype/user/user.py
@@ -205,7 +205,7 @@ class User(Document):
 						_update_password(user=self.name, pwd=new_password,
 							logout_all_sessions=self.logout_all_sessions)
 
-					if not self.flags.no_welcome_mail and self.send_welcome_email:
+					if not self.flags.no_welcome_mail and cint(self.send_welcome_email):
 						self.send_welcome_mail_to_user()
 						self.flags.email_sent = 1
 						if frappe.session.user != 'Guest':
@@ -577,7 +577,7 @@ def update_password(new_password, logout_all_sessions=0, key=None, old_password=
 		return redirect_url if redirect_url else "/"
 
 @frappe.whitelist(allow_guest=True)
-def test_password_strength(new_password, key=None, old_password=None, user_data=[]):
+def test_password_strength(new_password, key=None, old_password=None, user_data=None):
 	from frappe.utils.password_strength import test_password_strength as _test_password_strength
 
 	password_policy = frappe.db.get_value("System Settings", None,
diff --git a/frappe/tests/test_document.py b/frappe/tests/test_document.py
index 1e92015602..470ab35fb6 100644
--- a/frappe/tests/test_document.py
+++ b/frappe/tests/test_document.py
@@ -181,7 +181,7 @@ class TestDocument(unittest.TestCase):
 
 		# css attributes
 		xss = '<div style="something: doesn\'t work; color: red;">Test</div>'
-		escaped_xss = '<div style="color: red;">Test</div>'
+		escaped_xss = '<div style="">Test</div>'
 		d.subject += xss
 		d.save()
 		d.reload()
diff --git a/frappe/utils/data.py b/frappe/utils/data.py
index 39c8c387eb..dc4d3c5e53 100644
--- a/frappe/utils/data.py
+++ b/frappe/utils/data.py
@@ -54,8 +54,8 @@ def get_datetime(datetime_str=None):
 	elif isinstance(datetime_str, datetime.date):
 		return datetime.datetime.combine(datetime_str, datetime.time())
 
-	# dateutil parser does not agree with dates like 0001-01-01
-	if not datetime_str or (datetime_str or "").startswith("0001-01-01"):
+	# dateutil parser does not agree with dates like "0001-01-01" or "0000-00-00"
+	if not datetime_str or (datetime_str or "").startswith(("0001-01-01", "0000-00-00")):
 		return None
 
 	try:
diff --git a/requirements.txt b/requirements.txt
index 55a4910056..bcf3760cd8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
 Babel==2.6.0
 beautifulsoup4==4.8.2
 bleach-whitelist==0.0.10
-bleach==3.1.2
+bleach==3.1.4
 boto3==1.10.18
 braintree==3.57.1
 chardet==3.0.4