From bdb77ba521b3a7d86e2818a9913de5040090dd5e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 25 Mar 2020 00:20:57 +0530
Subject: [PATCH] chore(deps): bump bleach from 2.1.4 to 3.1.2 (#9779)
* chore(deps): bump bleach from 2.1.4 to 3.1.2
Bumps [bleach](https://github.com/mozilla/bleach) from 2.1.4 to 3.1.2.
- [Release notes](https://github.com/mozilla/bleach/releases)
- [Changelog](https://github.com/mozilla/bleach/blob/master/CHANGES)
- [Commits](https://github.com/mozilla/bleach/compare/v2.1.4...v3.1.2)
Signed-off-by: dependabot[bot]
* chore: use html.parser instead of html5lib
bleach no longer ships html5lib as a requirement and instead has included it in the system. we can switch to using html.parser instead; which is not an external dependency unlike html5lib. source: https://github.com/mozilla/bleach/blob/master/CHANGES#L206
Signed-off-by: Chinmay D. Pai
* chore: use html5lib from bleach
Signed-off-by: Chinmay D. Pai
* chore: import html5lib from bleach._vendor
fixes issue where bs4 is unable to find html5lib in the tree: bs4.FeatureNotFound: Couldn't find a tree builder with the features you requested: bleach._vendor.html5lib. Do you need to install a parser library?
Signed-off-by: Chinmay D. Pai
* chore: just give up and install html5lib as a dependency
Signed-off-by: Chinmay D. Pai
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Chinmay D. Pai
---
 frappe/utils/html_utils.py | 8 +++++---
 frappe/utils/pdf.py | 1 +
 requirements.txt | 3 ++-
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/frappe/utils/html_utils.py b/frappe/utils/html_utils.py
index 67a01296c1..3de647894b 100644
--- a/frappe/utils/html_utils.py
+++ b/frappe/utils/html_utils.py
@@ -1,7 +1,9 @@
 from __future__ import unicode_literals
 import frappe
-import json, re
-import bleach, bleach_whitelist.bleach_whitelist as bleach_whitelist
+import json
+import re
+import bleach
+import bleach_whitelist.bleach_whitelist as bleach_whitelist
 from six import string_types
 from bs4 import BeautifulSoup
@@ -47,7 +49,7 @@ def clean_script_and_style(html):
 def sanitize_html(html, linkify=False):
 """
 Sanitize HTML tags, attributes and style to prevent XSS attacks
- Based on bleach clean, bleach whitelist and HTML5lib's Sanitizer defaults
+ Based on bleach clean, bleach whitelist and html5lib's Sanitizer defaults
 Does not sanitize JSON, as it could lead to future problems
 """
diff --git a/frappe/utils/pdf.py b/frappe/utils/pdf.py
index bc1ad6cef9..58275a5c6c 100644
--- a/frappe/utils/pdf.py
+++ b/frappe/utils/pdf.py
@@ -16,6 +16,7 @@ import frappe
 from frappe import _
 from frappe.utils import get_wkhtmltopdf_version, scrub_urls
+
 PDF_CONTENT_ERRORS = ["ContentNotFoundError", "ContentOperationNotPermittedError", "UnknownContentError", "RemoteHostClosedError"]
diff --git a/requirements.txt b/requirements.txt
index e0386fae4c..55a4910056 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
 Babel==2.6.0
 beautifulsoup4==4.8.2
 bleach-whitelist==0.0.10
-bleach==2.1.4
+bleach==3.1.2
 boto3==1.10.18
 braintree==3.57.1
 chardet==3.0.4
@@ -23,6 +23,7 @@ google-auth==1.7.1
 googlemaps==3.1.1
 gunicorn==19.10.0
 html2text==2016.9.19
+html5lib==1.0.1
 ipython==5.9.0
 Jinja2==2.10.3
 ldap3==2.7
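Review bot: The `sanitize_html` hunk in frappe/utils/html_utils.py changes only a docstring spelling, yet the same commit moves bleach, which that docstring names as the basis of this XSS sanitizer, from 2.1.4 to 3.1.2, and the diffstat lists no test file. A major-version bump of the sanitizing library can change what is stripped or escaped, so a regression test pinned to this function belongs with the change, for example `self.assertNotIn("<script", sanitize_html("<p>ok</p><script>x</script>"))`, with similar checks for event-handler attributes and `javascript:` links. The function body lies outside the hunk, so the exact expected output should be confirmed against the implementation.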
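Review bot: The new `html5lib==1.0.1` pin in the second requirements.txt hunk does not say which package needs it. Per the commit message bleach 3.x carries its own vendored html5lib, so after this change bleach and BeautifulSoup rely on two separate copies of the parser. A comment above the pin would keep it from being dropped or bumped blindly, e.g. `# html5lib: required by beautifulsoup4's "html5lib" tree builder; bleach >= 3 uses its own vendored copy`. If any code sanitizes with bleach and then re-parses the result with BeautifulSoup (not visible in these hunks), differences between the two parser versions are worth covering in the sanitizer tests.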