Tags: mozilla/bleach
Tags
Version 6.2.0 (October 29th, 2024) **Backwards incompatible changes** * Dropped support for Python 3.8. (#737) **Security fixes** None **Bug fixes** * Add support for Python 3.13. (#736) * Remove six depdenncy. (#618) * Update known-good versions for tinycss2. (#732) * Fix additional < followed by characters and EOF issues. (#728)
Version 6.1.0 (October 6th, 2023) **Backwards incompatible changes** * Dropped support for Python 3.7. (#709) **Security fixes** None **Bug fixes** * Add support for Python 3.12. (#710) * Fix linkify with arrays in querystring (#436) * Handle more cases with < followed by character data (#705) * Fix entities inside a tags in linkification (#704) * Update cap for tinycss2 to <1.3 (#702) * Updated Sphinx requirement * Add dependabot for github actions and update github actions
Version 6.0.0 (January 23rd, 2023)
**Backwards incompatible changes**
* ``bleach.clean``, ``bleach.sanitizer.Cleaner``,
``bleach.html5lib_shim.BleachHTMLParser``: the ``tags`` and ``protocols``
arguments were changed from lists to sets.
Old pre-6.0.0:
.. code-block:: python
bleach.clean(
"some text",
tags=["a", "p", "img"],
# ^ ^ list
protocols=["http", "https"],
# ^ ^ list
)
New 6.0.0 and later:
.. code-block:: python
bleach.clean(
"some text",
tags={"a", "p", "img"},
# ^ ^ set
protocols={"http", "https"},
# ^ ^ set
)
* ``bleach.linkify``, ``bleach.linkifier.Linker``: the ``skip_tags`` and
``recognized_tags`` arguments were changed from lists to sets.
Old pre-6.0.0:
.. code-block:: python
bleach.linkify(
"some text",
skip_tags=["pre"],
# ^ ^ list
)
linker = Linker(
skip_tags=["pre"],
# ^ ^ list
recognized_tags=html5lib_shim.HTML_TAGS + ["custom-element"],
# ^ ^ ^ list
# |
# | list concatenation
)
New 6.0.0 and later:
.. code-block:: python
bleach.linkify(
"some text",
skip_tags={"pre"},
# ^ ^ set
)
linker = Linker(
skip_tags={"pre"},
# ^ ^ set
recognized_tags=html5lib_shim.HTML_TAGS | {"custom-element"},
# ^ ^ ^ set
# |
# | union operator
)
* ``bleach.sanitizer.BleachSanitizerFilter``: ``strip_allowed_elements`` is now
``strip_allowed_tags``. We now use "tags" everywhere rather than a mishmash
of "tags" in some places and "elements" in others.
**Security fixes**
None
**Bug fixes**
* Add support for Python 3.11. (#675)
* Fix API weirness in ``BleachSanitizerFilter``. (#649)
We're using "tags" instead of "elements" everywhere--no more weird
overloading of "elements" anymore.
Also, it no longer calls the superclass constructor.
* Add warning when ``css_sanitizer`` isn't set, but the ``style``
attribute is allowed. (#676)
* Fix linkify handling of character entities. (#501)
* Rework dev dependencies to use ``requirements-dev.txt`` and
``requirements-flake8.txt`` instead of extras.
* Fix project infrastructure to be tox-based so it's easier to have CI
run the same things we're running in development and with flake8
in an isolated environment.
* Update action versions in CI.
* Switch to f-strings where possible. Make tests parametrized to be
easier to read/maintain.
Version 5.0.1 (June 27th, 2022) **Bugs** * Add missing comma to tinycss2 require. Thank you, @shadchin! * Add url parse tests based on wpt url tests. (#688) * Support scheme-less urls if "https" is in allow list. (#662) * Handle escaping ``<`` in edge cases where it doesn't start a tag. (#544) * Fix reference warnings in docs. (#660) * Correctly urlencode email address parts. Thank you, @larseggert! (#659)
Version 5.0.0 (April 7th, 2022) **Backwards incompatible changes** * ``clean`` and ``linkify`` now preserve the order of HTML attributes. Thank you, @askoretskly! (#566) * Drop support for Python 3.6. Thank you, @hugovk! (#629) * CSS sanitization in style tags is completely different now. If you're using Bleach ``clean`` to sanitize css in style tags, you'll need to update your code and you'll need to install the ``css`` extras:: pip install 'bleach[css]' See `the documentation on sanitizing CSS for how to do it <https://bleach.readthedocs.io/en/latest/clean.html#sanitizing-css>`_. (#633) **Bug fixes** * Rework dev dependencies. We no longer have ``requirements-dev.in``/``requirements-dev.txt``. Instead, we're using ``dev`` extras. See `development docs <https://bleach.readthedocs.io/en/latest/dev.html>`_ for more details. (#620) * Add newline when dropping block-level tags. Thank you, @jvanasco! (#369)
**Security fixes** None **Features** * add more tests for CVE-2021-23980 / GHSA-vv2x-vrpj-qqpq * bump python version to 3.8 for tox doc, vendorverify, and lint targets * update bug report template tag * update vendorverify script to detect and fail when extra files are vendored * update release process docs to check vendorverify passes locally **Bug fixes** * remove extra vendored django present in the v3.3.0 whl #595 * duplicate h1 header doc fix (thanks Nguyễn Gia Phong / @McSinyx!)
**Backwards incompatible changes** * clean escapes HTML comments even when strip_comments=False **Security fixes** * Fix bug 1621692 / GHSA-m6xf-fq7q-8743. See the advisory for details. **Features** None **Bug fixes** None
PreviousNext