bleach update (#1399)

c2corg_api/markdown/__init__.py

@@ -1,5 +1,6 @@
 import markdown
 import bleach
+import bleach.css_sanitizer
 import secrets
 import logging
 from threading import RLock
@@ -52,7 +53,7 @@ def _get_cleaner():
     global _cleaner
 
     if not _cleaner:
-        allowed_tags = bleach.ALLOWED_TAGS + [
+        allowed_tags = bleach.sanitizer.ALLOWED_TAGS + [
             # headers
             "h1", "h2", "h3", "h4", "h5", "h6",
 
@@ -71,7 +72,7 @@ def _get_cleaner():
             "table", "tr", "td", "th", "tbody"
         ]
 
-        allowed_attributes = dict(bleach.ALLOWED_ATTRIBUTES)
+        allowed_attributes = dict(bleach.sanitizer.ALLOWED_ATTRIBUTES)
         allowed_extra_attributes = {
             "a": [
                 "c2c:role",
@@ -110,12 +111,18 @@ def _get_cleaner():
 
             allowed_attributes[key] += allowed_extra_attributes[key]
 
-        _cleaner = bleach.Cleaner(tags=allowed_tags,
-                                  attributes=allowed_attributes,
-                                  styles=bleach.ALLOWED_STYLES + ["clear"],
-                                  protocols=bleach.ALLOWED_PROTOCOLS,
-                                  strip=False,
-                                  strip_comments=True)
+        css_sanitizer = bleach.css_sanitizer.CSSSanitizer(
+            allowed_css_properties=list(
+                bleach.css_sanitizer.ALLOWED_CSS_PROPERTIES)
+            + ['clear'])
+
+        _cleaner = bleach.sanitizer.Cleaner(
+            tags=allowed_tags,
+            attributes=allowed_attributes,
+            css_sanitizer=css_sanitizer,
+            protocols=bleach.sanitizer.ALLOWED_PROTOCOLS,
+            strip=False,
+            strip_comments=True)
 
     return _cleaner
 

c2corg_api/models/utils.py

@@ -80,7 +80,7 @@ def wkb_to_shape(wkb_element):
     """ Create a 2D Shapely shape from a WKB value. 3D and 4D geometries
      are turned into 2D geometries.
     """
-    assert(isinstance(wkb_element, WKBElement))
+    assert (isinstance(wkb_element, WKBElement))
     geometry = wkb.loads(bytes(wkb_element.data))
     return shape(_force_2d(geometry))
 

c2corg_api/tests/markdown/ptag/base.html

@@ -1 +1 @@
-<div style="clear: both;"></div>
+<div style="clear:both;"></div>

c2corg_api/views/association.py

@@ -171,7 +171,7 @@ def _is_main_waypoint_association(association):
 
 
 def _is_last_waypoint_of_route(association):
-    if not(association.parent_document_type == WAYPOINT_TYPE and
+    if not (association.parent_document_type == WAYPOINT_TYPE and
             association.child_document_type == ROUTE_TYPE):
         # other association type, nothing to check
         return False
@@ -188,7 +188,7 @@ def _is_last_waypoint_of_route(association):
 
 
 def _is_last_route_of_outing(association):
-    if not(association.parent_document_type == ROUTE_TYPE and
+    if not (association.parent_document_type == ROUTE_TYPE and
             association.child_document_type == OUTING_TYPE):
         # other association type, nothing to check
         return False

c2corg_api/views/document_tag.py

@@ -137,7 +137,8 @@ def __init__(self, request):
 
     @restricted_json_view(validators=[validate_document_id])
     def get(self):
-        """ Check if the authenticated user has tagged the given document as todo.
+        """
+        Check if the authenticated user has tagged the given document as todo.
 
         Request:
             `GET` `tags/has/{document_id}`

requirements.txt

@@ -1,7 +1,7 @@
 alembic==1.8.1
 apscheduler==3.9.1
 bcrypt==4.0.1
-bleach==4.1.0
+bleach[css]==5.0.1
 colander==1.8.3
 dogpile.cache==1.1.8
 elasticsearch==2.4.1