chore(deps): bump bleach from 2.1.4 to 3.1.2 (#9779)

* chore(deps): bump bleach from 2.1.4 to 3.1.2

Bumps [bleach](https://github.com/mozilla/bleach) from 2.1.4 to 3.1.2.
- [Release notes](https://github.com/mozilla/bleach/releases)
- [Changelog](https://github.com/mozilla/bleach/blob/master/CHANGES)
- [Commits](https://github.com/mozilla/bleach/compare/v2.1.4...v3.1.2)

Signed-off-by: dependabot[bot] <support@github.com>

* chore: use html.parser instead of html5lib

bleach no longer ships html5lib as a requirement and instead has
included it in the system. We can switch to using html.parser instead,
which is not an external dependency, unlike html5lib.

source: https://github.com/mozilla/bleach/blob/master/CHANGES#L206

Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>

* chore: use html5lib from bleach

Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>

* chore: import html5lib from bleach._vendor

fixes issue where bs4 is unable to find html5lib in the tree:

bs4.FeatureNotFound: Couldn't find a tree builder with the features you requested: bleach._vendor.html5lib. Do you need to install a parser library?

Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>

* chore: just give up and install html5lib as a dependency

Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Chinmay D. Pai <chinmaydpai@gmail.com>
dependabot[bot] 2020-03-25 00:20:57 +05:30 committed by GitHub
parent 4f22a58331
commit bdb77ba521
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 4 deletions


@ -1,7 +1,9 @@
from __future__ import unicode_literals
import frappe
import json, re
import bleach, bleach_whitelist.bleach_whitelist as bleach_whitelist
import json
import re
import bleach
import bleach_whitelist.bleach_whitelist as bleach_whitelist
from six import string_types
from bs4 import BeautifulSoup
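Review bot: Splitting `import json, re` and the combined `bleach` import one per line at the top of this hunk is unrelated to the version bump named in the commit title. Consider moving it to its own commit so the dependency change can be reverted or backported without touching this file's imports.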
@ -47,7 +49,7 @@ def clean_script_and_style(html):
def sanitize_html(html, linkify=False):
"""
Sanitize HTML tags, attributes and style to prevent XSS attacks
Based on bleach clean, bleach whitelist and HTML5lib's Sanitizer defaults
Based on bleach clean, bleach whitelist and html5lib's Sanitizer defaults
Does not sanitize JSON, as it could lead to future problems
"""
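Review bot: sanitize_html needs a regression test alongside this change. Only the docstring spelling is touched here, yet the same commit moves bleach from 2.1.4 to 3.1.2 and this function is the XSS filter. Feed known-bad markup through sanitize_html under the new version and assert on the cleaned output, so that any difference in the cleaner's behaviour across the major release shows up in CI. The last docstring line, "Does not sanitize JSON, as it could lead to future problems", would also be clearer if it said what callers are expected to do with JSON input.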


@ -16,6 +16,7 @@ import frappe
from frappe import _
from frappe.utils import get_wkhtmltopdf_version, scrub_urls
PDF_CONTENT_ERRORS = ["ContentNotFoundError", "ContentOperationNotPermittedError",
"UnknownContentError", "RemoteHostClosedError"]


@ -1,7 +1,7 @@
Babel==2.6.0
beautifulsoup4==4.8.2
bleach-whitelist==0.0.10
bleach==2.1.4
bleach==3.1.2
boto3==1.10.18
braintree==3.57.1
chardet==3.0.4
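Review bot: Confirm that `bleach-whitelist==0.0.10`, left unchanged one line above the new `bleach==3.1.2` pin, still works with it. The jump from 2.1.4 crosses a major version, and the module in the first file passes that package's lists to bleach. It would help to record in the commit message which entries of the linked changelog were checked for changes to cleaning behaviour.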
@ -23,6 +23,7 @@ google-auth==1.7.1
googlemaps==3.1.1
gunicorn==19.10.0
html2text==2016.9.19
html5lib==1.0.1
ipython==5.9.0
Jinja2==2.10.3
ldap3==2.7
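Review bot: The added `html5lib==1.0.1` pin needs a comment saying why it is here. Per the commit message, bleach now carries its own html5lib under `bleach._vendor`, and this standalone copy exists only so that bs4 can find a tree builder; nothing in the file records that. The result is two html5lib copies versioned independently, so the parser BeautifulSoup uses and the one bleach sanitizes with can drift apart. Note that next to the pin so whoever bumps either package checks both.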