Changeset - e965ff6f8cb3
default
0 1 0
Mads Kiilerich - 6 years ago 2020-03-26 18:12:52
mads@kiilerich.com
setup: avoid bleach 3.1.4 for now - it seems to deliberately cause regressions

See https://github.com/mozilla/bleach/blob/master/CHANGES and
https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69
... which adds xfails for use cases similar to how we use bleach.

It would completely remove style attributes instead of dropping bad parts of
them, as shown by the markup_renderer.py doctest it made fail:

>>> MarkupRenderer.render('''<img id="a" style="margin-top:-1000px;color:red" src="http://example.com/test.jpg">''', '.md')
Expected:
'<p><img id="a" src="http://example.com/test.jpg" style="color: red;"></p>'
Got:
'<p><img id="a" src="http://example.com/test.jpg" style=""></p>'

Until a better solution is found, stick to 3.1.3 and accept the potential
ReDoS.
1 file changed with 1 insertions and 1 deletions:
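--- a/setup.py
+++ b/setup.py
@@ -21,97 +21,97 @@ def _get_meta_var(name, data, callback_h
     matches = re.compile(r'(?:%s)\s*=\s*(.*)' % name).search(data)
     if matches:
         s = eval(matches.groups()[0])
         if callable(callback_handler):
             return callback_handler(s)
         return s
 
 _meta = open(os.path.join(here, 'kallithea', '__init__.py'), 'r')
 _metadata = _meta.read()
 _meta.close()
 
 def callback(V):
     return '.'.join(map(str, V[:3])) + '.'.join(V[3:])
 __version__ = _get_meta_var('VERSION', _metadata, callback)
 __license__ = _get_meta_var('__license__', _metadata)
 __author__ = _get_meta_var('__author__', _metadata)
 __url__ = _get_meta_var('__url__', _metadata)
 # defines current platform
 __platform__ = platform.system()
 
 is_windows = __platform__ in ['Windows']
 
 requirements = [
     "alembic >= 1.0.10, < 1.5",
     "gearbox >= 0.1.0, < 1",
     "waitress >= 0.8.8, < 1.5",
     "WebOb >= 1.8, < 1.9",
     "backlash >= 0.1.2, < 1",
     "TurboGears2 >= 2.4, < 2.5",
     "tgext.routes >= 0.2.0, < 1",
     "Beaker >= 1.10.1, < 2",
     "WebHelpers2 >= 2.0, < 2.1",
     "FormEncode >= 1.3.1, < 1.4",
     "SQLAlchemy >= 1.2.9, < 1.4",
     "Mako >= 0.9.1, < 1.2",
     "Pygments >= 2.2.0, < 2.6",
     "Whoosh >= 2.7.1, < 2.8",
     "celery >= 4.3, < 4.5",
     "Babel >= 1.3, < 2.9",
     "python-dateutil >= 2.1.0, < 2.9",
     "Markdown >= 2.2.1, < 3.2",
     "docutils >= 0.11, < 0.17",
     "URLObject >= 2.3.4, < 2.5",
     "Routes >= 2.0, < 2.5",
     "dulwich >= 0.19.0, < 0.20",
     "mercurial >= 5.2, < 5.4",
     "decorator >= 4.2.1, < 4.5",
     "Paste >= 2.0.3, < 3.4",
-    "bleach >= 3.0, < 3.2",
+    "bleach >= 3.0, < 3.1.4",
     "Click >= 7.0, < 8",
     "ipaddr >= 2.2.0, < 2.3",
     "paginate >= 0.5, < 0.6",
     "paginate_sqlalchemy >= 0.3.0, < 0.4",
     "bcrypt >= 3.1.0, < 3.2",
 ]
 
 dependency_links = [
 ]
 
 classifiers = [
     'Development Status :: 4 - Beta',
     'Environment :: Web Environment',
     'Framework :: Pylons',
     'Intended Audience :: Developers',
     'License :: OSI Approved :: GNU General Public License (GPL)',
     'Operating System :: OS Independent',
     'Programming Language :: Python :: 3.6',
     'Programming Language :: Python :: 3.7',
     'Programming Language :: Python :: 3.8',
     'Topic :: Software Development :: Version Control',
 ]
 
 
 # additional files from project that goes somewhere in the filesystem
 # relative to sys.prefix
 data_files = []
 
 description = ('Kallithea is a fast and powerful management tool '
                'for Mercurial and Git with a built in push/pull server, '
                'full text search and code-review.')
 
 keywords = ' '.join([
     'kallithea', 'mercurial', 'git', 'code review',
     'repo groups', 'ldap', 'repository management', 'hgweb replacement',
     'hgwebdir', 'gitweb replacement', 'serving hgweb',
 ])
 
 # long description
 README_FILE = 'README.rst'
 try:
     long_description = open(README_FILE).read()
 except IOError as err:
     sys.stderr.write(
         "[WARNING] Cannot find file specified as long_description (%s): %s\n"
         % (README_FILE, err)
     )
     long_description = description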
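Review bot: The new `"bleach >= 3.0, < 3.1.4",` entry in `requirements` carries no comment explaining why the upper bound sits on a patch release, so the reasoning lives only in the commit message. The cap knowingly keeps installs on a release with the ReDoS that message mentions, and it also excludes any later bleach release that might resolve both problems, so it needs a visible reminder to be revisited. I would put a comment directly above the entry, e.g. `# capped below 3.1.4: it drops whole style attributes (markup_renderer.py doctest); 3.1.3 has a known ReDoS - revisit`. That keeps the accepted risk in front of whoever next edits the dependency list.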