Files
@ e965ff6f8cb3
Branch filter:
Location: kallithea/docs/theme/nature/layout.html - annotation
e965ff6f8cb3
1.0 KiB
text/html
setup: avoid bleach 3.1.4 for now - it seems to deliberately cause regressions
See https://github.com/mozilla/bleach/blob/master/CHANGES and
https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69
... which adds xfails for use cases similar to how we use bleach.
It would completely remove style attributes instead of dropping bad parts of
them, as shown by the markup_renderer.py doctest it made fail:
>>> MarkupRenderer.render('''<img id="a" style="margin-top:-1000px;color:red" src="http://example.com/test.jpg">''', '.md')
Expected:
'<p><img id="a" src="http://example.com/test.jpg"; style="color: red;"></p>'
Got:
'<p><img id="a" src="http://example.com/test.jpg"; style=""></p>'
Until a better solution is found, stick to 3.1.3 and accept the potential
ReDoS.
See https://github.com/mozilla/bleach/blob/master/CHANGES and
https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69
... which adds xfails for use cases similar to how we use bleach.
It would completely remove style attributes instead of dropping bad parts of
them, as shown by the markup_renderer.py doctest it made fail:
>>> MarkupRenderer.render('''<img id="a" style="margin-top:-1000px;color:red" src="http://example.com/test.jpg">''', '.md')
![http://example.com/test.jpg">''&apos](http://example.com/test.jpg">''&apos){kind=link}
Expected:
'<p><img id="a" src="http://example.com/test.jpg"; style="color: red;"></p>'
![http://example.com/test.jpg"](http://example.com/test.jpg"){kind=link}
Got:
'<p><img id="a" src="http://example.com/test.jpg"; style=""></p>'
Until a better solution is found, stick to 3.1.3 and accept the potential
ReDoS.