Bleach 6 update (#4610)

* Update bleach requirement from ==5.0.* to ==6.2.*

Updates the requirements on [bleach](https://github.com/mozilla/bleach) to permit the latest version.
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES)
- [Commits](https://github.com/mozilla/bleach/compare/v5.0.0...v6.2.0)

---
updated-dependencies:
- dependency-name: bleach
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update bleach parameter types

* Fix tests

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

src/pretix/base/invoice.py

@@ -289,7 +289,7 @@ class BaseReportlabInvoiceRenderer(BaseInvoiceRenderer):
     def _clean_text(self, text, tags=None):
         return self._normalize(bleach.clean(
             text,
-            tags=tags or []
+            tags=set(tags) if tags else set()
         ).strip().replace('<br>', '<br />').replace('\n', '<br />\n'))
 
 
@@ -461,7 +461,7 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
     def _draw_event(self, canvas):
         def shorten(txt):
             txt = str(txt)
-            txt = bleach.clean(txt, tags=[]).strip()
+            txt = bleach.clean(txt, tags=set()).strip()
             p = Paragraph(self._normalize(txt.strip().replace('\n', '<br />\n')), style=self.stylesheet['Normal'])
             p_size = p.wrap(self.event_width, self.event_height)
 

src/pretix/base/settings.py

@@ -550,7 +550,7 @@ DEFAULTS = {
         'serializer_class': serializers.BooleanField,
         'type': bool,
         'form_kwargs': dict(
-            label=_("Require a business addresses"),
+            label=_("Require a business address"),
             help_text=_('This will require users to enter a company name.'),
             widget=forms.CheckboxInput(attrs={'data-checkbox-dependency': '#id_invoice_address_required'}),
         )

src/pretix/base/templatetags/rich_text.py

@@ -54,7 +54,7 @@ from tlds import tld_set
 
 register = template.Library()
 
-ALLOWED_TAGS_SNIPPET = [
+ALLOWED_TAGS_SNIPPET = {
     'a',
     'abbr',
     'acronym',
@@ -68,8 +68,8 @@ ALLOWED_TAGS_SNIPPET = [
     'strike',
     's',
     # Update doc/user/markdown.rst if you change this!
-]
-ALLOWED_TAGS = ALLOWED_TAGS_SNIPPET + [
+}
+ALLOWED_TAGS = ALLOWED_TAGS_SNIPPET | {
     'blockquote',
     'li',
     'ol',
@@ -91,7 +91,7 @@ ALLOWED_TAGS = ALLOWED_TAGS_SNIPPET + [
     'h6',
     'pre',
     # Update doc/user/markdown.rst if you change this!
-]
+}
 
 ALLOWED_ATTRIBUTES = {
     'a': ['href', 'title', 'class'],
@@ -106,7 +106,7 @@ ALLOWED_ATTRIBUTES = {
     # Update doc/user/markdown.rst if you change this!
 }
 
-ALLOWED_PROTOCOLS = ['http', 'https', 'mailto', 'tel']
+ALLOWED_PROTOCOLS = {'http', 'https', 'mailto', 'tel'}
 
 URL_RE = SimpleLazyObject(lambda: build_url_re(tlds=sorted(tld_set, key=len, reverse=True)))
 
@@ -211,9 +211,9 @@ class CleanPostprocessor(Postprocessor):
     def run(self, text):
         return bleach.clean(
             text,
-            tags=self.tags,
+            tags=set(self.tags),
             attributes=self.attributes,
-            protocols=self.protocols,
+            protocols=set(self.protocols),
             strip=self.strip
         )
 
@@ -308,7 +308,7 @@ def markdown_compile_email(source, allowed_tags=ALLOWED_TAGS, allowed_attributes
             EmailNl2BrExtension(),
             LinkifyAndCleanExtension(
                 linker,
-                tags=allowed_tags,
+                tags=set(allowed_tags),
                 attributes=allowed_attributes,
                 protocols=ALLOWED_PROTOCOLS,
                 strip=False,

src/pretix/control/logdisplay.py

@@ -613,7 +613,7 @@ def pretixcontrol_logentry_display(sender: Event, logentry: LogEntry, **kwargs):
 
     if logentry.action_type == 'pretix.event.order.consent':
         return _('The user confirmed the following message: "{}"').format(
-            bleach.clean(logentry.parsed_data.get('msg'), tags=[], strip=True)
+            bleach.clean(logentry.parsed_data.get('msg'), tags=set(), strip=True)
         )
 
     if logentry.action_type == 'pretix.event.order.canceled':

src/pretix/plugins/checkinlists/exporters.py

@@ -421,7 +421,7 @@ class PDFCheckinList(ReportlabExportMixin, CheckInListMixin, BaseExporter):
                 )
             if op.seat:
                 item += '<br/>' + str(op.seat)
-            name = bleach.clean(str(name), tags=['br']).strip().replace('<br>', '<br/>')
+            name = bleach.clean(str(name), tags={'br'}).strip().replace('<br>', '<br/>')
             if op.blocked:
                 name = '<font face="OpenSansBd">[' + _('Blocked') + ']</font> ' + name
             row = [
@@ -430,7 +430,7 @@ class PDFCheckinList(ReportlabExportMixin, CheckInListMixin, BaseExporter):
                 '✘' if op.order.status != Order.STATUS_PAID else '✔',
                 op.order.code,
                 Paragraph(name, self.get_style()),
-                Paragraph(bleach.clean(str(item), tags=['br']).strip().replace('<br>', '<br/>'), self.get_style()),
+                Paragraph(bleach.clean(str(item), tags={'br'}).strip().replace('<br>', '<br/>'), self.get_style()),
             ]
             acache = {}
             if op.addon_to:
@@ -440,7 +440,7 @@ class PDFCheckinList(ReportlabExportMixin, CheckInListMixin, BaseExporter):
                 acache[a.question_id] = format_answer_for_export(a)
             for q in questions:
                 txt = acache.get(q.pk, '')
-                txt = bleach.clean(txt, tags=['br']).strip().replace('<br>', '<br/>')
+                txt = bleach.clean(txt, tags={'br'}).strip().replace('<br>', '<br/>')
                 p = Paragraph(txt, self.get_style())
                 while p.wrap(colwidths[len(row)], 5000)[1] > 50 * mm:
                     txt = txt[:len(txt) - 50] + "..."

src/pretix/plugins/sendmail/views.py

@@ -198,7 +198,7 @@ class BaseSenderView(EventPermissionRequiredMixin, FormView):
                             escape(v.render_sample(self.request.event))
                         )
 
-                    subject = bleach.clean(form.cleaned_data['subject'].localize(l), tags=[])
+                    subject = bleach.clean(form.cleaned_data['subject'].localize(l), tags=set())
                     preview_subject = prefix_subject(self.request.event, format_map(subject, context_dict), highlight=True)
                     message = form.cleaned_data['message'].localize(l)
                     preview_text = markdown_compile_email(format_map(message, context_dict))
@@ -616,7 +616,7 @@ class CreateRule(EventPermissionRequiredMixin, CreateView):
                             escape(v.render_sample(self.request.event))
                         )
 
-                    subject = bleach.clean(form.cleaned_data['subject'].localize(l), tags=[])
+                    subject = bleach.clean(form.cleaned_data['subject'].localize(l), tags=set())
                     preview_subject = prefix_subject(self.request.event, format_map(subject, context_dict), highlight=True)
                     template = form.cleaned_data['template'].localize(l)
                     preview_text = markdown_compile_email(format_map(template, context_dict))
@@ -692,7 +692,7 @@ class UpdateRule(EventPermissionRequiredMixin, UpdateView):
                         escape(v.render_sample(self.request.event))
                     )
 
-                subject = bleach.clean(self.object.subject.localize(lang), tags=[])
+                subject = bleach.clean(self.object.subject.localize(lang), tags=set())
                 preview_subject = prefix_subject(self.request.event, format_map(subject, placeholders), highlight=True)
                 template = self.object.template.localize(lang)
                 preview_text = markdown_compile_email(format_map(template, placeholders))