diff --git a/CHANGES b/CHANGES index b2f9a548..3df8d64d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,10 +1,129 @@ Bleach changes ============== +Version 6.0.0 (January 23rd, 2023) +---------------------------------- + +**Backwards incompatible changes** + +* ``bleach.clean``, ``bleach.sanitizer.Cleaner``, + ``bleach.html5lib_shim.BleachHTMLParser``: the ``tags`` and ``protocols`` + arguments were changed from lists to sets. + + Old pre-6.0.0: + + .. code-block:: python + + bleach.clean( + "some text", + tags=["a", "p", "img"], + # ^ ^ list + protocols=["http", "https"], + # ^ ^ list + ) + + + New 6.0.0 and later: + + .. code-block:: python + + bleach.clean( + "some text", + tags={"a", "p", "img"}, + # ^ ^ set + protocols={"http", "https"}, + # ^ ^ set + ) + +* ``bleach.linkify``, ``bleach.linkifier.Linker``: the ``skip_tags`` and + ``recognized_tags`` arguments were changed from lists to sets. + + Old pre-6.0.0: + + .. code-block:: python + + bleach.linkify( + "some text", + skip_tags=["pre"], + # ^ ^ list + ) + + linker = Linker( + skip_tags=["pre"], + # ^ ^ list + recognized_tags=html5lib_shim.HTML_TAGS + ["custom-element"], + # ^ ^ ^ list + # | + # | list concatenation + ) + + New 6.0.0 and later: + + .. code-block:: python + + bleach.linkify( + "some text", + skip_tags={"pre"}, + # ^ ^ set + ) + + linker = Linker( + skip_tags={"pre"}, + # ^ ^ set + recognized_tags=html5lib_shim.HTML_TAGS | {"custom-element"}, + # ^ ^ ^ set + # | + # | union operator + ) + +* ``bleach.sanitizer.BleachSanitizerFilter``: ``strip_allowed_elements`` is now + ``strip_allowed_tags``. We now use "tags" everywhere rather than a mishmash + of "tags" in some places and "elements" in others. + + +**Security fixes** + +None + + +**Bug fixes** + +* Add support for Python 3.11. (#675) + +* Fix API weirness in ``BleachSanitizerFilter``. (#649) + + We're using "tags" instead of "elements" everywhere--no more weird + overloading of "elements" anymore. + + Also, it no longer calls the superclass constructor. + +* Add warning when ``css_sanitizer`` isn't set, but the ``style`` + attribute is allowed. (#676) + +* Fix linkify handling of character entities. (#501) + +* Rework dev dependencies to use ``requirements-dev.txt`` and + ``requirements-flake8.txt`` instead of extras. + +* Fix project infrastructure to be tox-based so it's easier to have CI + run the same things we're running in development and with flake8 + in an isolated environment. + +* Update action versions in CI. + +* Switch to f-strings where possible. Make tests parametrized to be + easier to read/maintain. + + Version 5.0.1 (June 27th, 2022) ------------------------------- -**Bugs** +**Security fixes** + +None + + +**Bug fixes** * Add missing comma to tinycss2 require. Thank you, @shadchin! @@ -38,6 +157,10 @@ Version 5.0.0 (April 7th, 2022) See `the documentation on sanitizing CSS for how to do it `_. (#633) +**Security fixes** + +None + **Bug fixes** * Rework dev dependencies. We no longer have @@ -49,6 +172,7 @@ Version 5.0.0 (April 7th, 2022) * Add newline when dropping block-level tags. Thank you, @jvanasco! (#369) + Version 4.1.0 (August 25th, 2021) --------------------------------- @@ -56,11 +180,16 @@ Version 4.1.0 (August 25th, 2021) * Python 3.9 support +**Security fixes** + +None + **Bug fixes** * Update sanitizer clean to use vendored 3.6.14 stdlib urllib.parse to fix test failures on Python 3.9. (#536) + Version 4.0.0 (August 3rd, 2021) -------------------------------- @@ -76,6 +205,7 @@ None * fix attribute name in the linkify docs (thanks @CheesyFeet!) + Version 3.3.1 (July 14th, 2021) ------------------------------- @@ -96,6 +226,7 @@ None * remove extra vendored django present in the v3.3.0 whl (#595) * duplicate h1 header doc fix (thanks Nguyễn Gia Phong / @McSinyx!) + Version 3.3.0 (February 1st, 2021) ---------------------------------- @@ -115,6 +246,7 @@ None None + Version 3.2.3 (January 26th, 2021) ---------------------------------- @@ -130,6 +262,7 @@ None * fix clean and linkify raising ValueErrors for certain inputs. Thank you @Google-Autofuzz. + Version 3.2.2 (January 20th, 2021) ---------------------------------- @@ -145,6 +278,7 @@ None * fix linkify raising an IndexError on certain inputs. Thank you @Google-Autofuzz. + Version 3.2.1 (September 18th, 2020) ------------------------------------ @@ -161,6 +295,7 @@ None * change linkifier to add rel="nofollow" as documented. Thank you @mitar. * suppress html5lib sanitizer DeprecationWarnings (#557) + Version 3.2.0 (September 16th, 2020) ------------------------------------ @@ -177,6 +312,7 @@ None * ``html5lib`` dependency to version 1.1.0. Thank you Sam Sneddon. * update tests_website terminology. Thank you Thomas Grainger. + Version 3.1.5 (April 29th, 2020) -------------------------------- @@ -192,6 +328,7 @@ None * replace missing ``setuptools`` dependency with ``packaging``. Thank you Benjamin Peterson. + Version 3.1.4 (March 24th, 2020) -------------------------------- @@ -225,6 +362,7 @@ None None + Version 3.1.3 (March 17th, 2020) -------------------------------- @@ -301,6 +439,7 @@ None None + Version 3.1.1 (February 13th, 2020) ----------------------------------- @@ -333,6 +472,7 @@ None None + Version 3.1.0 (January 9th, 2019) --------------------------------- diff --git a/bleach/__init__.py b/bleach/__init__.py index 8774e273..4e87eb80 100644 --- a/bleach/__init__.py +++ b/bleach/__init__.py @@ -11,9 +11,9 @@ # yyyymmdd -__releasedate__ = "20220627" +__releasedate__ = "20230123" # x.y.z or x.y.z.dev0 -- semver -__version__ = "5.0.1" +__version__ = "6.0.0" __all__ = ["clean", "linkify"] diff --git a/setup.py b/setup.py index ceb6d0a4..733a87ba 100755 --- a/setup.py +++ b/setup.py @@ -42,6 +42,7 @@ def get_version(): version=get_version(), description="An easy safelist-based HTML-sanitizing tool.", long_description=get_long_desc(), + long_description_content_type="text/x-rst", maintainer="Will Kahn-Greene", maintainer_email="willkg@mozilla.com", url="https://github.com/mozilla/bleach",