Make bleach mandatory

2024-06-26 07:03:17 +00:00 · 2024-06-15 08:18:27 +02:00 · 2024-06-15 08:18:27 +02:00 · f7d5480811
commit f7d5480811
parent 7aa122e6cd
3 changed files with 7 additions and 35 deletions
--- a/cps/clean_html.py
+++ b/cps/clean_html.py
@ -19,31 +19,18 @@
 from . import logger
 from lxml.etree import ParserError

+log = logger.create()
+
 try:
    # at least bleach 6.0 is needed -> incomplatible change from list arguments to set arguments
-    from bleach import clean_text as clean_html
-    BLEACH = True
+    from bleach import clean as clean_html
 except ImportError:
-    try:
-        BLEACH = False
-        from nh3 import clean as clean_html
-    except ImportError:
-        try:
-            BLEACH = False
-            from lxml.html.clean import clean_html
-        except ImportError:
-            clean_html = None
-
-
-log = logger.create()
+    from nh3 import clean as clean_html


 def clean_string(unsafe_text, book_id=0):
    try:
-        if BLEACH:
-            safe_text = clean_html(unsafe_text, tags=set(), attributes=set())
-        else:
-            safe_text = clean_html(unsafe_text)
+        safe_text = clean_html(unsafe_text)
    except ParserError as e:
        log.error("Comments of book {} are corrupted: {}".format(book_id, e))
        safe_text = ""
--- a/cps/editbooks.py
+++ b/cps/editbooks.py
@ -27,22 +27,6 @@ from shutil import copyfile
 from uuid import uuid4
 from markupsafe import escape, Markup  # dependency of flask
 from functools import wraps
-# from lxml.etree import ParserError
-
-#try:
-#    # at least bleach 6.0 is needed -> incomplatible change from list arguments to set arguments
-#    from bleach import clean_text as clean_html
-#    BLEACH = True
-#except ImportError:
-#    try:
-#        BLEACH = False
-#        from nh3 import clean as clean_html
-#    except ImportError:
-#        try:
-#            BLEACH = False
-#            from lxml.html.clean import clean_html
-#        except ImportError:
-#            clean_html = None

 from flask import Blueprint, request, flash, redirect, url_for, abort, Response
 from flask_babel import gettext as _
--- a/requirements.txt
+++ b/requirements.txt
@ -13,9 +13,10 @@ SQLAlchemy>=1.3.0,<2.1.0
 tornado>=6.3,<6.5
 Wand>=0.4.4,<0.7.0
 unidecode>=0.04.19,<1.4.0
-lxml>=3.8.0,<5.2.0
+lxml>=4.9.1,<5.2.0
 flask-wtf>=0.14.2,<1.3.0
 chardet>=3.0.0,<4.1.0
 advocate>=1.0.0,<1.1.0
 Flask-Limiter>=2.3.0,<3.6.0
 regex>=2022.3.2,<2024.2.25
+bleach>=6.0.0,<6.2.0