diff --git a/c2corg_api/markdown/__init__.py b/c2corg_api/markdown/__init__.py
index 52275c998..6128fe090 100644
--- a/c2corg_api/markdown/__init__.py
+++ b/c2corg_api/markdown/__init__.py
@@ -1,5 +1,6 @@
 import markdown
 import bleach
+import bleach.css_sanitizer
 import secrets
 import logging
 from threading import RLock
@@ -52,7 +53,7 @@ def _get_cleaner():
     global _cleaner
     if not _cleaner:
-        allowed_tags = bleach.ALLOWED_TAGS + [
+        allowed_tags = bleach.sanitizer.ALLOWED_TAGS + [
             # headers
             "h1", "h2", "h3", "h4", "h5", "h6",
@@ -71,7 +72,7 @@ def _get_cleaner():
             "table", "tr", "td", "th", "tbody"
         ]
-        allowed_attributes = dict(bleach.ALLOWED_ATTRIBUTES)
+        allowed_attributes = dict(bleach.sanitizer.ALLOWED_ATTRIBUTES)
         allowed_extra_attributes = {
             "a": [
                 "c2c:role",
@@ -110,12 +111,18 @@ def _get_cleaner():
                 allowed_attributes[key] += allowed_extra_attributes[key]
-        _cleaner = bleach.Cleaner(tags=allowed_tags,
-                                 attributes=allowed_attributes,
-                                 styles=bleach.ALLOWED_STYLES + ["clear"],
-                                 protocols=bleach.ALLOWED_PROTOCOLS,
-                                 strip=False,
-                                 strip_comments=True)
+        css_sanitizer = bleach.css_sanitizer.CSSSanitizer(
+            allowed_css_properties=list(
+                bleach.css_sanitizer.ALLOWED_CSS_PROPERTIES) +
+            ['clear'])
+
+        _cleaner = bleach.sanitizer.Cleaner(
+            tags=allowed_tags,
+            attributes=allowed_attributes,
+            css_sanitizer=css_sanitizer,
+            protocols=bleach.sanitizer.ALLOWED_PROTOCOLS,
+            strip=False,
+            strip_comments=True)
     return _cleaner
diff --git a/c2corg_api/models/utils.py b/c2corg_api/models/utils.py
index b8e559ee8..6741b82fb 100644
--- a/c2corg_api/models/utils.py
+++ b/c2corg_api/models/utils.py
@@ -80,7 +80,7 @@ def wkb_to_shape(wkb_element):
     """ Create a 2D Shapely shape from a WKB value.
     3D and 4D geometries are turned into 2D geometries.
     """
-    assert(isinstance(wkb_element, WKBElement))
+    assert (isinstance(wkb_element, WKBElement))
     geometry = wkb.loads(bytes(wkb_element.data))
     return shape(_force_2d(geometry))
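Review bot: The new `CSSSanitizer` in the last `_get_cleaner` hunk widens the inline-style policy instead of carrying the old one over: the removed `styles=bleach.ALLOWED_STYLES + ["clear"]` permitted only `clear` (bleach 4's `ALLOWED_STYLES` is an empty list, as far as I recall), whereas `bleach.css_sanitizer.ALLOWED_CSS_PROPERTIES` is a sizeable set (display, float, width/height, colour and font properties, among others) that already contains `clear`, so the `+ ['clear']` is redundant and the user-controlled `style` attribute now accepts far more. If strict parity with the previous allow-list is intended, replace the constructor argument with `allowed_css_properties=['clear']`; if the widening is deliberate, say so in a comment such as `# NOTE: bleach 5 default CSS allow-list is much broader than the old ['clear']`. Whether any of this matters depends on `style` being an allowed attribute, which is decided in the part of `allowed_extra_attributes` that lies outside the hunk, and `_get_cleaner` itself starts before the hunk. Note also that `bleach.sanitizer.ALLOWED_TAGS + [...]` in the earlier hunk relies on that constant being a list, which holds for the pinned 5.0.1 but not for bleach 6, where it became a frozenset.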
diff --git a/c2corg_api/tests/markdown/ptag/base.html b/c2corg_api/tests/markdown/ptag/base.html
index e071ab79c..a48a5a981 100644
--- a/c2corg_api/tests/markdown/ptag/base.html
+++ b/c2corg_api/tests/markdown/ptag/base.html
@@ -1 +1 @@
-
\ No newline at end of file
+
\ No newline at end of file
diff --git a/c2corg_api/views/association.py b/c2corg_api/views/association.py
index 99111c64a..b9c0525cc 100644
--- a/c2corg_api/views/association.py
+++ b/c2corg_api/views/association.py
@@ -171,7 +171,7 @@ def _is_main_waypoint_association(association):
 def _is_last_waypoint_of_route(association):
-    if not(association.parent_document_type == WAYPOINT_TYPE and
+    if not (association.parent_document_type == WAYPOINT_TYPE and
            association.child_document_type == ROUTE_TYPE):
         # other association type, nothing to check
         return False
@@ -188,7 +188,7 @@ def _is_last_waypoint_of_route(association):
 def _is_last_route_of_outing(association):
-    if not(association.parent_document_type == ROUTE_TYPE and
+    if not (association.parent_document_type == ROUTE_TYPE and
            association.child_document_type == OUTING_TYPE):
         # other association type, nothing to check
         return False
diff --git a/c2corg_api/views/document_tag.py b/c2corg_api/views/document_tag.py
index 3fe5e63a5..7ca4bf8e9 100644
--- a/c2corg_api/views/document_tag.py
+++ b/c2corg_api/views/document_tag.py
@@ -137,7 +137,8 @@ def __init__(self, request):
     @restricted_json_view(validators=[validate_document_id])
     def get(self):
-        """ Check if the authenticated user has tagged the given document as todo.
+        """
+        Check if the authenticated user has tagged the given document as todo.
         Request:
             `GET` `tags/has/{document_id}`
diff --git a/requirements.txt b/requirements.txt
index abd642f37..0d53e4e3f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
 alembic==1.8.1
 apscheduler==3.9.1
 bcrypt==4.0.1
-bleach==4.1.0
+bleach[css]==5.0.1
 colander==1.8.3
 dogpile.cache==1.1.8
 elasticsearch==2.4.1