Mercurial > repos > shellac > sam_consensus_v3
comparison env/lib/python3.9/site-packages/bleach-3.3.0.dist-info/METADATA @ 0:4f3585e2f14b draft default tip
"planemo upload commit 60cee0fc7c0cda8592644e1aad72851dec82c959"
author | shellac |
---|---|
date | Mon, 22 Mar 2021 18:12:50 +0000 |
parents | |
children |
comparison
equal
deleted
inserted
replaced
-1:000000000000 | 0:4f3585e2f14b |
---|---|
1 Metadata-Version: 2.1 | |
2 Name: bleach | |
3 Version: 3.3.0 | |
4 Summary: An easy safelist-based HTML-sanitizing tool. | |
5 Home-page: https://github.com/mozilla/bleach | |
6 Maintainer: Will Kahn-Greene | |
7 Maintainer-email: willkg@mozilla.com | |
8 License: Apache Software License | |
9 Platform: UNKNOWN | |
10 Classifier: Development Status :: 5 - Production/Stable | |
11 Classifier: Environment :: Web Environment | |
12 Classifier: Intended Audience :: Developers | |
13 Classifier: License :: OSI Approved :: Apache Software License | |
14 Classifier: Operating System :: OS Independent | |
15 Classifier: Programming Language :: Python | |
16 Classifier: Programming Language :: Python :: 2 | |
17 Classifier: Programming Language :: Python :: 2.7 | |
18 Classifier: Programming Language :: Python :: 3 | |
19 Classifier: Programming Language :: Python :: 3.5 | |
20 Classifier: Programming Language :: Python :: 3.6 | |
21 Classifier: Programming Language :: Python :: 3.7 | |
22 Classifier: Programming Language :: Python :: 3.8 | |
23 Classifier: Programming Language :: Python :: Implementation :: CPython | |
24 Classifier: Programming Language :: Python :: Implementation :: PyPy | |
25 Classifier: Topic :: Software Development :: Libraries :: Python Modules | |
26 Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.* | |
27 Requires-Dist: packaging | |
28 Requires-Dist: six (>=1.9.0) | |
29 Requires-Dist: webencodings | |
30 | |
31 ====== | |
32 Bleach | |
33 ====== | |
34 | |
35 .. image:: https://github.com/mozilla/bleach/workflows/Test/badge.svg | |
36 :target: https://github.com/mozilla/bleach/actions?query=workflow%3ATest | |
37 | |
38 .. image:: https://github.com/mozilla/bleach/workflows/Lint/badge.svg | |
39 :target: https://github.com/mozilla/bleach/actions?query=workflow%3ALint | |
40 | |
41 .. image:: https://badge.fury.io/py/bleach.svg | |
42 :target: http://badge.fury.io/py/bleach | |
43 | |
44 Bleach is an allowed-list-based HTML sanitizing library that escapes or strips | |
45 markup and attributes. | |
46 | |
47 Bleach can also linkify text safely, applying filters that Django's ``urlize`` | |
48 filter cannot, and optionally setting ``rel`` attributes, even on links already | |
49 in the text. | |
50 | |
51 Bleach is intended for sanitizing text from *untrusted* sources. If you find | |
52 yourself jumping through hoops to allow your site administrators to do lots of | |
53 things, you're probably outside the use cases. Either trust those users, or | |
54 don't. | |
55 | |
56 Because it relies on html5lib_, Bleach is as good as modern browsers at dealing | |
57 with weird, quirky HTML fragments. And *any* of Bleach's methods will fix | |
58 unbalanced or mis-nested tags. | |
59 | |
60 The version on GitHub_ is the most up-to-date and contains the latest bug | |
61 fixes. You can find full documentation on `ReadTheDocs`_. | |
62 | |
63 :Code: https://github.com/mozilla/bleach | |
64 :Documentation: https://bleach.readthedocs.io/ | |
65 :Issue tracker: https://github.com/mozilla/bleach/issues | |
66 :License: Apache License v2; see LICENSE file | |
67 | |
68 | |
69 Reporting Bugs | |
70 ============== | |
71 | |
72 For regular bugs, please report them `in our issue tracker | |
73 <https://github.com/mozilla/bleach/issues>`_. | |
74 | |
75 If you believe that you've found a security vulnerability, please `file a secure | |
76 bug report in our bug tracker | |
77 <https://bugzilla.mozilla.org/enter_bug.cgi?assigned_to=nobody%40mozilla.org&product=Webtools&component=Bleach-security&groups=webtools-security>`_ | |
78 or send an email to *security AT mozilla DOT org*. | |
79 | |
80 For more information on security-related bug disclosure and the PGP key to use | |
81 for sending encrypted mail or to verify responses received from that address, | |
82 please read our wiki page at | |
83 `<https://www.mozilla.org/en-US/security/#For_Developers>`_. | |
84 | |
85 | |
86 Security | |
87 ======== | |
88 | |
89 Bleach is a security-focused library. | |
90 | |
91 We have a responsible security vulnerability reporting process. Please use | |
92 that if you're reporting a security issue. | |
93 | |
94 Security issues are fixed in private. After we land such a fix, we'll do a | |
95 release. | |
96 | |
97 For every release, we mark security issues we've fixed in the ``CHANGES`` in | |
98 the **Security issues** section. We include any relevant CVE links. | |
99 | |
100 | |
101 Installing Bleach | |
102 ================= | |
103 | |
104 Bleach is available on PyPI_, so you can install it with ``pip``:: | |
105 | |
106 $ pip install bleach | |
107 | |
108 | |
109 Upgrading Bleach | |
110 ================ | |
111 | |
112 .. warning:: | |
113 | |
114 Before doing any upgrades, read through `Bleach Changes | |
115 <https://bleach.readthedocs.io/en/latest/changes.html>`_ for backwards | |
116 incompatible changes, newer versions, etc. | |
117 | |
118 | |
119 Basic use | |
120 ========= | |
121 | |
122 The simplest way to use Bleach is: | |
123 | |
124 .. code-block:: python | |
125 | |
126 >>> import bleach | |
127 | |
128 >>> bleach.clean('an <script>evil()</script> example') | |
129 u'an <script>evil()</script> example' | |
130 | |
131 >>> bleach.linkify('an http://example.com url') | |
132 u'an <a href="http://example.com" rel="nofollow">http://example.com</a> url' | |
133 | |
134 | |
135 Code of Conduct | |
136 =============== | |
137 | |
138 This project and repository is governed by Mozilla's code of conduct and | |
139 etiquette guidelines. For more details please see the `CODE_OF_CONDUCT.md | |
140 </CODE_OF_CONDUCT.md>`_ | |
141 | |
142 | |
143 .. _html5lib: https://github.com/html5lib/html5lib-python | |
144 .. _GitHub: https://github.com/mozilla/bleach | |
145 .. _ReadTheDocs: https://bleach.readthedocs.io/ | |
146 .. _PyPI: https://pypi.org/project/bleach/ | |
147 | |
148 | |
149 Bleach changes | |
150 ============== | |
151 | |
152 Version 3.3.0 (February 1st, 2021) | |
153 ---------------------------------- | |
154 | |
155 **Backwards incompatible changes** | |
156 | |
157 * clean escapes HTML comments even when strip_comments=False | |
158 | |
159 **Security fixes** | |
160 | |
161 * Fix bug 1621692 / GHSA-m6xf-fq7q-8743. See the advisory for details. | |
162 | |
163 **Features** | |
164 | |
165 None | |
166 | |
167 **Bug fixes** | |
168 | |
169 None | |
170 | |
171 Version 3.2.3 (January 26th, 2021) | |
172 ---------------------------------- | |
173 | |
174 **Security fixes** | |
175 | |
176 None | |
177 | |
178 **Features** | |
179 | |
180 None | |
181 | |
182 **Bug fixes** | |
183 | |
184 * fix clean and linkify raising ValueErrors for certain inputs. Thank you @Google-Autofuzz. | |
185 | |
186 Version 3.2.2 (January 20th, 2021) | |
187 ---------------------------------- | |
188 | |
189 **Security fixes** | |
190 | |
191 None | |
192 | |
193 **Features** | |
194 | |
195 * Migrate CI to Github Actions. Thank you @hugovk. | |
196 | |
197 **Bug fixes** | |
198 | |
199 * fix linkify raising an IndexError on certain inputs. Thank you @Google-Autofuzz. | |
200 | |
201 Version 3.2.1 (September 18th, 2020) | |
202 ------------------------------------ | |
203 | |
204 **Security fixes** | |
205 | |
206 None | |
207 | |
208 **Features** | |
209 | |
210 None | |
211 | |
212 **Bug fixes** | |
213 | |
214 * change linkifier to add rel="nofollow" as documented. Thank you @mitar. | |
215 * suppress html5lib sanitizer DeprecationWarnings #557 | |
216 | |
217 Version 3.2.0 (September 16th, 2020) | |
218 ------------------------------------ | |
219 | |
220 **Security fixes** | |
221 | |
222 None | |
223 | |
224 **Features** | |
225 | |
226 None | |
227 | |
228 **Bug fixes** | |
229 | |
230 * ``html5lib`` dependency to version 1.1.0. Thank you Sam Sneddon. | |
231 * update tests_website terminology. Thank you Thomas Grainger. | |
232 | |
233 Version 3.1.5 (April 29th, 2020) | |
234 -------------------------------- | |
235 | |
236 **Security fixes** | |
237 | |
238 None | |
239 | |
240 **Features** | |
241 | |
242 None | |
243 | |
244 **Bug fixes** | |
245 | |
246 * replace missing ``setuptools`` dependency with ``packaging``. Thank you Benjamin Peterson. | |
247 | |
248 Version 3.1.4 (March 24th, 2020) | |
249 -------------------------------- | |
250 | |
251 **Security fixes** | |
252 | |
253 * ``bleach.clean`` behavior parsing style attributes could result in a | |
254 regular expression denial of service (ReDoS). | |
255 | |
256 Calls to ``bleach.clean`` with an allowed tag with an allowed | |
257 ``style`` attribute were vulnerable to ReDoS. For example, | |
258 ``bleach.clean(..., attributes={'a': ['style']})``. | |
259 | |
260 This issue was confirmed in Bleach versions v3.1.3, v3.1.2, v3.1.1, | |
261 v3.1.0, v3.0.0, v2.1.4, and v2.1.3. Earlier versions used a similar | |
262 regular expression and should be considered vulnerable too. | |
263 | |
264 Anyone using Bleach <=v3.1.3 is encouraged to upgrade. | |
265 | |
266 https://bugzilla.mozilla.org/show_bug.cgi?id=1623633 | |
267 | |
268 **Backwards incompatible changes** | |
269 | |
270 * Style attributes with dashes, or single or double quoted values are | |
271 cleaned instead of passed through. | |
272 | |
273 **Features** | |
274 | |
275 None | |
276 | |
277 **Bug fixes** | |
278 | |
279 None | |
280 | |
281 Version 3.1.3 (March 17th, 2020) | |
282 -------------------------------- | |
283 | |
284 **Security fixes** | |
285 | |
286 None | |
287 | |
288 **Backwards incompatible changes** | |
289 | |
290 None | |
291 | |
292 **Features** | |
293 | |
294 * Add relative link to code of conduct. (#442) | |
295 | |
296 * Drop deprecated 'setup.py test' support. (#507) | |
297 | |
298 * Fix typo: curren -> current in tests/test_clean.py (#504) | |
299 | |
300 * Test on PyPy 7 | |
301 | |
302 * Drop test support for end of life Python 3.4 | |
303 | |
304 **Bug fixes** | |
305 | |
306 None | |
307 | |
308 Version 3.1.2 (March 11th, 2020) | |
309 -------------------------------- | |
310 | |
311 **Security fixes** | |
312 | |
313 * ``bleach.clean`` behavior parsing embedded MathML and SVG content | |
314 with RCDATA tags did not match browser behavior and could result in | |
315 a mutation XSS. | |
316 | |
317 Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or | |
318 ``svg`` tags and one or more of the RCDATA tags ``script``, | |
319 ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or | |
320 ``xmp`` in the allowed tags whitelist were vulnerable to a mutation | |
321 XSS. | |
322 | |
323 This security issue was confirmed in Bleach version v3.1.1. Earlier | |
324 versions are likely affected too. | |
325 | |
326 Anyone using Bleach <=v3.1.1 is encouraged to upgrade. | |
327 | |
328 https://bugzilla.mozilla.org/show_bug.cgi?id=1621692 | |
329 | |
330 **Backwards incompatible changes** | |
331 | |
332 None | |
333 | |
334 **Features** | |
335 | |
336 None | |
337 | |
338 **Bug fixes** | |
339 | |
340 None | |
341 | |
342 Version 3.1.1 (February 13th, 2020) | |
343 ----------------------------------- | |
344 | |
345 **Security fixes** | |
346 | |
347 * ``bleach.clean`` behavior parsing ``noscript`` tags did not match | |
348 browser behavior. | |
349 | |
350 Calls to ``bleach.clean`` allowing ``noscript`` and one or more of | |
351 the raw text tags (``title``, ``textarea``, ``script``, ``style``, | |
352 ``noembed``, ``noframes``, ``iframe``, and ``xmp``) were vulnerable | |
353 to a mutation XSS. | |
354 | |
355 This security issue was confirmed in Bleach versions v2.1.4, v3.0.2, | |
356 and v3.1.0. Earlier versions are probably affected too. | |
357 | |
358 Anyone using Bleach <=v3.1.0 is highly encouraged to upgrade. | |
359 | |
360 https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 | |
361 | |
362 **Backwards incompatible changes** | |
363 | |
364 None | |
365 | |
366 **Features** | |
367 | |
368 None | |
369 | |
370 **Bug fixes** | |
371 | |
372 None | |
373 | |
374 Bleach changes | |
375 ============== | |
376 | |
377 Version 3.1.0 (January 9th, 2019) | |
378 --------------------------------- | |
379 | |
380 **Security fixes** | |
381 | |
382 None | |
383 | |
384 **Backwards incompatible changes** | |
385 | |
386 None | |
387 | |
388 **Features** | |
389 | |
390 * Add ``recognized_tags`` argument to the linkify ``Linker`` class. This | |
391 fixes issues when linkifying on its own and having some tags get escaped. | |
392 It defaults to a list of HTML5 tags. Thank you, Chad Birch! (#409) | |
393 | |
394 **Bug fixes** | |
395 | |
396 * Add ``six>=1.9`` to requirements. Thank you, Dave Shawley (#416) | |
397 | |
398 * Fix cases where attribute names could have invalid characters in them. | |
399 (#419) | |
400 | |
401 * Fix problems with ``LinkifyFilter`` not being able to match links | |
402 across ``&``. (#422) | |
403 | |
404 * Fix ``InputStreamWithMemory`` when the ``BleachHTMLParser`` is | |
405 parsing ``meta`` tags. (#431) | |
406 | |
407 * Fix doctests. (#357) | |
408 | |
409 | |
410 Version 3.0.2 (October 11th, 2018) | |
411 ---------------------------------- | |
412 | |
413 **Security fixes** | |
414 | |
415 None | |
416 | |
417 **Backwards incompatible changes** | |
418 | |
419 None | |
420 | |
421 **Features** | |
422 | |
423 None | |
424 | |
425 **Bug fixes** | |
426 | |
427 * Merge ``Characters`` tokens after sanitizing them. This fixes issues in the | |
428 ``LinkifyFilter`` where it was only linkifying parts of urls. (#374) | |
429 | |
430 | |
431 Version 3.0.1 (October 9th, 2018) | |
432 --------------------------------- | |
433 | |
434 **Security fixes** | |
435 | |
436 None | |
437 | |
438 **Backwards incompatible changes** | |
439 | |
440 None | |
441 | |
442 **Features** | |
443 | |
444 * Support Python 3.7. It supported Python 3.7 just fine, but we added 3.7 to | |
445 the list of Python environments we test so this is now officially supported. | |
446 (#377) | |
447 | |
448 **Bug fixes** | |
449 | |
450 * Fix ``list`` object has no attribute ``lower`` in ``clean``. (#398) | |
451 * Fix ``abbr`` getting escaped in ``linkify``. (#400) | |
452 | |
453 | |
454 Version 3.0.0 (October 3rd, 2018) | |
455 --------------------------------- | |
456 | |
457 **Security fixes** | |
458 | |
459 None | |
460 | |
461 **Backwards incompatible changes** | |
462 | |
463 * A bunch of functions were moved from one module to another. | |
464 | |
465 These were moved from ``bleach.sanitizer`` to ``bleach.html5lib_shim``: | |
466 | |
467 * ``convert_entity`` | |
468 * ``convert_entities`` | |
469 * ``match_entity`` | |
470 * ``next_possible_entity`` | |
471 * ``BleachHTMLSerializer`` | |
472 * ``BleachHTMLTokenizer`` | |
473 * ``BleachHTMLParser`` | |
474 | |
475 These functions and classes weren't documented and aren't part of the | |
476 public API, but people read code and might be using them so we're | |
477 considering it an incompatible API change. | |
478 | |
479 If you're using them, you'll need to update your code. | |
480 | |
481 **Features** | |
482 | |
483 * Bleach no longer depends on html5lib. html5lib==1.0.1 is now vendored into | |
484 Bleach. You can remove it from your requirements file if none of your other | |
485 requirements require html5lib. | |
486 | |
487 This means Bleach will now work fine with other libraries that depend on | |
488 html5lib regardless of what version of html5lib they require. (#386) | |
489 | |
490 **Bug fixes** | |
491 | |
492 * Fixed tags getting added when using clean or linkify. This was a | |
493 long-standing regression from the Bleach 2.0 rewrite. (#280, #392) | |
494 | |
495 * Fixed ``<isindex>`` getting replaced with a string. Now it gets escaped or | |
496 stripped depending on whether it's in the allowed tags or not. (#279) | |
497 | |
498 | |
499 Version 2.1.4 (August 16th, 2018) | |
500 --------------------------------- | |
501 | |
502 **Security fixes** | |
503 | |
504 None | |
505 | |
506 **Backwards incompatible changes** | |
507 | |
508 * Dropped support for Python 3.3. (#328) | |
509 | |
510 **Features** | |
511 | |
512 None | |
513 | |
514 **Bug fixes** | |
515 | |
516 * Handle ambiguous ampersands in correctly. (#359) | |
517 | |
518 | |
519 Version 2.1.3 (March 5th, 2018) | |
520 ------------------------------- | |
521 | |
522 **Security fixes** | |
523 | |
524 * Attributes that have URI values weren't properly sanitized if the | |
525 values contained character entities. Using character entities, it | |
526 was possible to construct a URI value with a scheme that was not | |
527 allowed that would slide through unsanitized. | |
528 | |
529 This security issue was introduced in Bleach 2.1. Anyone using | |
530 Bleach 2.1 is highly encouraged to upgrade. | |
531 | |
532 https://bugzilla.mozilla.org/show_bug.cgi?id=1442745 | |
533 | |
534 **Backwards incompatible changes** | |
535 | |
536 None | |
537 | |
538 **Features** | |
539 | |
540 None | |
541 | |
542 **Bug fixes** | |
543 | |
544 * Fixed some other edge cases for attribute URI value sanitizing and | |
545 improved testing of this code. | |
546 | |
547 | |
548 Version 2.1.2 (December 7th, 2017) | |
549 ---------------------------------- | |
550 | |
551 **Security fixes** | |
552 | |
553 None | |
554 | |
555 **Backwards incompatible changes** | |
556 | |
557 None | |
558 | |
559 **Features** | |
560 | |
561 None | |
562 | |
563 **Bug fixes** | |
564 | |
565 * Support html5lib-python 1.0.1. (#337) | |
566 | |
567 * Add deprecation warning for supporting html5lib-python < 1.0. | |
568 | |
569 * Switch to semver. | |
570 | |
571 | |
572 Version 2.1.1 (October 2nd, 2017) | |
573 --------------------------------- | |
574 | |
575 **Security fixes** | |
576 | |
577 None | |
578 | |
579 **Backwards incompatible changes** | |
580 | |
581 None | |
582 | |
583 **Features** | |
584 | |
585 None | |
586 | |
587 **Bug fixes** | |
588 | |
589 * Fix ``setup.py`` opening files when ``LANG=``. (#324) | |
590 | |
591 | |
592 Version 2.1 (September 28th, 2017) | |
593 ---------------------------------- | |
594 | |
595 **Security fixes** | |
596 | |
597 * Convert control characters (backspace particularly) to "?" preventing | |
598 malicious copy-and-paste situations. (#298) | |
599 | |
600 See `<https://github.com/mozilla/bleach/issues/298>`_ for more details. | |
601 | |
602 This affects all previous versions of Bleach. Check the comments on that | |
603 issue for ways to alleviate the issue if you can't upgrade to Bleach 2.1. | |
604 | |
605 | |
606 **Backwards incompatible changes** | |
607 | |
608 * Redid versioning. ``bleach.VERSION`` is no longer available. Use the string | |
609 version at ``bleach.__version__`` and parse it with | |
610 ``pkg_resources.parse_version``. (#307) | |
611 | |
612 * clean, linkify: linkify and clean should only accept text types; thank you, | |
613 Janusz! (#292) | |
614 | |
615 * clean, linkify: accept only unicode or utf-8-encoded str (#176) | |
616 | |
617 | |
618 **Features** | |
619 | |
620 | |
621 **Bug fixes** | |
622 | |
623 * ``bleach.clean()`` no longer unescapes entities including ones that are missing | |
624 a ``;`` at the end which can happen in urls and other places. (#143) | |
625 | |
626 * linkify: fix http links inside of mailto links; thank you, sedrubal! (#300) | |
627 | |
628 * clarify security policy in docs (#303) | |
629 | |
630 * fix dependency specification for html5lib 1.0b8, 1.0b9, and 1.0b10; thank you, | |
631 Zoltán! (#268) | |
632 | |
633 * add Bleach vs. html5lib comparison to README; thank you, Stu Cox! (#278) | |
634 | |
635 * fix KeyError exceptions on tags without href attr; thank you, Alex Defsen! | |
636 (#273) | |
637 | |
638 * add test website and scripts to test ``bleach.clean()`` output in browser; | |
639 thank you, Greg Guthe! | |
640 | |
641 | |
642 Version 2.0 (March 8th, 2017) | |
643 ----------------------------- | |
644 | |
645 **Security fixes** | |
646 | |
647 * None | |
648 | |
649 | |
650 **Backwards incompatible changes** | |
651 | |
652 * Removed support for Python 2.6. #206 | |
653 | |
654 * Removed support for Python 3.2. #224 | |
655 | |
656 * Bleach no longer supports html5lib < 0.99999999 (8 9s). | |
657 | |
658 This version is a rewrite to use the new sanitizing API since the old | |
659 one was dropped in html5lib 0.99999999 (8 9s). | |
660 | |
661 If you're using 0.9999999 (7 9s) upgrade to 0.99999999 (8 9s) or higher. | |
662 | |
663 If you're using 1.0b8 (equivalent to 0.9999999 (7 9s)), upgrade to 1.0b9 | |
664 (equivalent to 0.99999999 (8 9s)) or higher. | |
665 | |
666 * ``bleach.clean`` and friends were rewritten | |
667 | |
668 ``clean`` was reimplemented as an html5lib filter and happens at a different | |
669 step in the HTML parsing -> traversing -> serializing process. Because of | |
670 that, there are some differences in clean's output as compared with previous | |
671 versions. | |
672 | |
673 Amongst other things, this version will add end tags even if the tag in | |
674 question is to be escaped. | |
675 | |
676 * ``bleach.clean`` and friends attribute callables now take three arguments: | |
677 tag, attribute name and attribute value. Previously they only took attribute | |
678 name and attribute value. | |
679 | |
680 All attribute callables will need to be updated. | |
681 | |
682 * ``bleach.linkify`` was rewritten | |
683 | |
684 ``linkify`` was reimplemented as an html5lib Filter. As such, it no longer | |
685 accepts a ``tokenizer`` argument. | |
686 | |
687 The callback functions for adjusting link attributes now takes a namespaced | |
688 attribute. | |
689 | |
690 Previously you'd do something like this:: | |
691 | |
692 def check_protocol(attrs, is_new): | |
693 if not attrs.get('href', '').startswith('http:', 'https:')): | |
694 return None | |
695 return attrs | |
696 | |
697 Now it's more like this:: | |
698 | |
699 def check_protocol(attrs, is_new): | |
700 if not attrs.get((None, u'href'), u'').startswith(('http:', 'https:')): | |
701 # ^^^^^^^^^^^^^^^ | |
702 return None | |
703 return attrs | |
704 | |
705 Further, you need to make sure you're always using unicode values. If you | |
706 don't then html5lib will raise an assertion error that the value is not | |
707 unicode. | |
708 | |
709 All linkify filters will need to be updated. | |
710 | |
711 * ``bleach.linkify`` and friends had a ``skip_pre`` argument--that's been | |
712 replaced with a more general ``skip_tags`` argument. | |
713 | |
714 Before, you might do:: | |
715 | |
716 bleach.linkify(some_text, skip_pre=True) | |
717 | |
718 The equivalent with Bleach 2.0 is:: | |
719 | |
720 bleach.linkify(some_text, skip_tags=['pre']) | |
721 | |
722 You can skip other tags, too, like ``style`` or ``script`` or other places | |
723 where you don't want linkification happening. | |
724 | |
725 All uses of linkify that use ``skip_pre`` will need to be updated. | |
726 | |
727 | |
728 **Changes** | |
729 | |
730 * Supports Python 3.6. | |
731 | |
732 * Supports html5lib >= 0.99999999 (8 9s). | |
733 | |
734 * There's a ``bleach.sanitizer.Cleaner`` class that you can instantiate with your | |
735 favorite clean settings for easy reuse. | |
736 | |
737 * There's a ``bleach.linkifier.Linker`` class that you can instantiate with your | |
738 favorite linkify settings for easy reuse. | |
739 | |
740 * There's a ``bleach.linkifier.LinkifyFilter`` which is an htm5lib filter that | |
741 you can pass as a filter to ``bleach.sanitizer.Cleaner`` allowing you to clean | |
742 and linkify in one pass. | |
743 | |
744 * ``bleach.clean`` and friends can now take a callable as an attributes arg value. | |
745 | |
746 * Tons of bug fixes. | |
747 | |
748 * Cleaned up tests. | |
749 | |
750 * Documentation fixes. | |
751 | |
752 | |
753 Version 1.5 (November 4th, 2016) | |
754 -------------------------------- | |
755 | |
756 **Security fixes** | |
757 | |
758 * None | |
759 | |
760 **Backwards incompatible changes** | |
761 | |
762 * clean: The list of ``ALLOWED_PROTOCOLS`` now defaults to http, https and | |
763 mailto. | |
764 | |
765 Previously it was a long list of protocols something like ed2k, ftp, http, | |
766 https, irc, mailto, news, gopher, nntp, telnet, webcal, xmpp, callto, feed, | |
767 urn, aim, rsync, tag, ssh, sftp, rtsp, afs, data. #149 | |
768 | |
769 **Changes** | |
770 | |
771 * clean: Added ``protocols`` to arguments list to let you override the list of | |
772 allowed protocols. Thank you, Andreas Malecki! #149 | |
773 | |
774 * linkify: Fix a bug involving periods at the end of an email address. Thank you, | |
775 Lorenz Schori! #219 | |
776 | |
777 * linkify: Fix linkification of non-ascii ports. Thank you Alexandre, Macabies! | |
778 #207 | |
779 | |
780 * linkify: Fix linkify inappropriately removing node tails when dropping nodes. | |
781 #132 | |
782 | |
783 * Fixed a test that failed periodically. #161 | |
784 | |
785 * Switched from nose to py.test. #204 | |
786 | |
787 * Add test matrix for all supported Python and html5lib versions. #230 | |
788 | |
789 * Limit to html5lib ``>=0.999,!=0.9999,!=0.99999,<0.99999999`` because 0.9999 | |
790 and 0.99999 are busted. | |
791 | |
792 * Add support for ``python setup.py test``. #97 | |
793 | |
794 | |
795 Version 1.4.3 (May 23rd, 2016) | |
796 ------------------------------ | |
797 | |
798 **Security fixes** | |
799 | |
800 * None | |
801 | |
802 **Changes** | |
803 | |
804 * Limit to html5lib ``>=0.999,<0.99999999`` because of impending change to | |
805 sanitizer api. #195 | |
806 | |
807 | |
808 Version 1.4.2 (September 11, 2015) | |
809 ---------------------------------- | |
810 | |
811 **Changes** | |
812 | |
813 * linkify: Fix hang in linkify with ``parse_email=True``. #124 | |
814 | |
815 * linkify: Fix crash in linkify when removing a link that is a first-child. #136 | |
816 | |
817 * Updated TLDs. | |
818 | |
819 * linkify: Don't remove exterior brackets when linkifying. #146 | |
820 | |
821 | |
822 Version 1.4.1 (December 15, 2014) | |
823 --------------------------------- | |
824 | |
825 **Changes** | |
826 | |
827 * Consistent order of attributes in output. | |
828 | |
829 * Python 3.4 support. | |
830 | |
831 | |
832 Version 1.4 (January 12, 2014) | |
833 ------------------------------ | |
834 | |
835 **Changes** | |
836 | |
837 * linkify: Update linkify to use etree type Treewalker instead of simpletree. | |
838 | |
839 * Updated html5lib to version ``>=0.999``. | |
840 | |
841 * Update all code to be compatible with Python 3 and 2 using six. | |
842 | |
843 * Switch to Apache License. | |
844 | |
845 | |
846 Version 1.3 | |
847 ----------- | |
848 | |
849 * Used by Python 3-only fork. | |
850 | |
851 | |
852 Version 1.2.2 (May 18, 2013) | |
853 ---------------------------- | |
854 | |
855 * Pin html5lib to version 0.95 for now due to major API break. | |
856 | |
857 | |
858 Version 1.2.1 (February 19, 2013) | |
859 --------------------------------- | |
860 | |
861 * ``clean()`` no longer considers ``feed:`` an acceptable protocol due to | |
862 inconsistencies in browser behavior. | |
863 | |
864 | |
865 Version 1.2 (January 28, 2013) | |
866 ------------------------------ | |
867 | |
868 * ``linkify()`` has changed considerably. Many keyword arguments have been | |
869 replaced with a single callbacks list. Please see the documentation for more | |
870 information. | |
871 | |
872 * Bleach will no longer consider unacceptable protocols when linkifying. | |
873 | |
874 * ``linkify()`` now takes a tokenizer argument that allows it to skip | |
875 sanitization. | |
876 | |
877 * ``delinkify()`` is gone. | |
878 | |
879 * Removed exception handling from ``_render``. ``clean()`` and ``linkify()`` may | |
880 now throw. | |
881 | |
882 * ``linkify()`` correctly ignores case for protocols and domain names. | |
883 | |
884 * ``linkify()`` correctly handles markup within an <a> tag. | |
885 | |
886 | |
887 Version 1.1.5 | |
888 ------------- | |
889 | |
890 | |
891 Version 1.1.4 | |
892 ------------- | |
893 | |
894 | |
895 Version 1.1.3 (July 10, 2012) | |
896 ----------------------------- | |
897 | |
898 * Fix parsing bare URLs when parse_email=True. | |
899 | |
900 | |
901 Version 1.1.2 (June 1, 2012) | |
902 ---------------------------- | |
903 | |
904 * Fix hang in style attribute sanitizer. (#61) | |
905 | |
906 * Allow ``/`` in style attribute values. | |
907 | |
908 | |
909 Version 1.1.1 (February 17, 2012) | |
910 --------------------------------- | |
911 | |
912 * Fix tokenizer for html5lib 0.9.5. | |
913 | |
914 | |
915 Version 1.1.0 (October 24, 2011) | |
916 -------------------------------- | |
917 | |
918 * ``linkify()`` now understands port numbers. (#38) | |
919 | |
920 * Documented character encoding behavior. (#41) | |
921 | |
922 * Add an optional target argument to ``linkify()``. | |
923 | |
924 * Add ``delinkify()`` method. (#45) | |
925 | |
926 * Support subdomain whitelist for ``delinkify()``. (#47, #48) | |
927 | |
928 | |
929 Version 1.0.4 (September 2, 2011) | |
930 --------------------------------- | |
931 | |
932 * Switch to SemVer git tags. | |
933 | |
934 * Make ``linkify()`` smarter about trailing punctuation. (#30) | |
935 | |
936 * Pass ``exc_info`` to logger during rendering issues. | |
937 | |
938 * Add wildcard key for attributes. (#19) | |
939 | |
940 * Make ``linkify()`` use the ``HTMLSanitizer`` tokenizer. (#36) | |
941 | |
942 * Fix URLs wrapped in parentheses. (#23) | |
943 | |
944 * Make ``linkify()`` UTF-8 safe. (#33) | |
945 | |
946 | |
947 Version 1.0.3 (June 14, 2011) | |
948 ----------------------------- | |
949 | |
950 * ``linkify()`` works with 3rd level domains. (#24) | |
951 | |
952 * ``clean()`` supports vendor prefixes in style values. (#31, #32) | |
953 | |
954 * Fix ``linkify()`` email escaping. | |
955 | |
956 | |
957 Version 1.0.2 (June 6, 2011) | |
958 ---------------------------- | |
959 | |
960 * ``linkify()`` supports email addresses. | |
961 | |
962 * ``clean()`` supports callables in attributes filter. | |
963 | |
964 | |
965 Version 1.0.1 (April 12, 2011) | |
966 ------------------------------ | |
967 | |
968 * ``linkify()`` doesn't drop trailing slashes. (#21) | |
969 * ``linkify()`` won't linkify 'libgl.so.1'. (#22) | |
970 | |
971 |