From 3170744c56cad1651acb13b5c407ec5aa4c5f2a7 Mon Sep 17 00:00:00 2001 From: Mira Date: Mon, 11 Nov 2024 15:34:40 +0100 Subject: [PATCH] Bleach 6 update (#4610) * Update bleach requirement from ==5.0.* to ==6.2.* Updates the requirements on [bleach](https://github.com/mozilla/bleach) to permit the latest version. - [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES) - [Commits](https://github.com/mozilla/bleach/compare/v5.0.0...v6.2.0) --- updated-dependencies: - dependency-name: bleach dependency-type: direct:production ... Signed-off-by: dependabot[bot] * Update bleach parameter types * Fix tests --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pyproject.toml | 2 +- src/pretix/base/invoice.py | 4 ++-- src/pretix/base/settings.py | 2 +- src/pretix/base/templatetags/rich_text.py | 16 ++++++++-------- src/pretix/control/logdisplay.py | 2 +- src/pretix/plugins/checkinlists/exporters.py | 6 +++--- src/pretix/plugins/sendmail/views.py | 6 +++--- src/tests/base/test_rich_text.py | 2 +- 8 files changed, 20 insertions(+), 20 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 8e9202bdf9..2efb6c3ad0 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -29,7 +29,7 @@ dependencies = [ "arabic-reshaper==3.0.0", # Support for Arabic in reportlab "babel", "BeautifulSoup4==4.12.*", - "bleach==5.0.*", + "bleach==6.2.*", "celery==5.4.*", "chardet==5.2.*", "cryptography>=3.4.2", diff --git a/src/pretix/base/invoice.py b/src/pretix/base/invoice.py index 30b1d3207d..30de1433e8 100644 --- a/src/pretix/base/invoice.py +++ b/src/pretix/base/invoice.py @@ -289,7 +289,7 @@ class BaseReportlabInvoiceRenderer(BaseInvoiceRenderer): def _clean_text(self, text, tags=None): return self._normalize(bleach.clean( text, - tags=tags or [] + tags=set(tags) if tags else set() ).strip().replace('
', '
').replace('\n', '
\n')) @@ -461,7 +461,7 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer): def _draw_event(self, canvas): def shorten(txt): txt = str(txt) - txt = bleach.clean(txt, tags=[]).strip() + txt = bleach.clean(txt, tags=set()).strip() p = Paragraph(self._normalize(txt.strip().replace('\n', '
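Review bot: `tags=set(tags) if tags else set()` in `_clean_text` accepts any iterable, so a caller that passes a single string such as `'br'` silently gets the allowlist `{'b', 'r'}` instead of an error. The same unconditional coercion is added in `CleanPostprocessor.run` (`set(self.tags)`, `set(self.protocols)`) and in `markdown_compile_email` (`set(allowed_tags)`). Because these values decide which markup the sanitizer lets through, I would reject strings before converting, e.g. `if isinstance(tags, str): raise TypeError("tags must be a collection of tag names")`, or at least state the expected type in a docstring. Whether any caller passes a string today is not visible from this diff.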
\n')), style=self.stylesheet['Normal']) p_size = p.wrap(self.event_width, self.event_height) diff --git a/src/pretix/base/settings.py b/src/pretix/base/settings.py index c16e6b6e06..26d6824cbc 100644 --- a/src/pretix/base/settings.py +++ b/src/pretix/base/settings.py @@ -550,7 +550,7 @@ DEFAULTS = { 'serializer_class': serializers.BooleanField, 'type': bool, 'form_kwargs': dict( - label=_("Require a business addresses"), + label=_("Require a business address"), help_text=_('This will require users to enter a company name.'), widget=forms.CheckboxInput(attrs={'data-checkbox-dependency': '#id_invoice_address_required'}), ) diff --git a/src/pretix/base/templatetags/rich_text.py b/src/pretix/base/templatetags/rich_text.py index d2324ef07f..1fe053abca 100644 --- a/src/pretix/base/templatetags/rich_text.py +++ b/src/pretix/base/templatetags/rich_text.py @@ -54,7 +54,7 @@ from tlds import tld_set register = template.Library() -ALLOWED_TAGS_SNIPPET = [ +ALLOWED_TAGS_SNIPPET = { 'a', 'abbr', 'acronym', @@ -68,8 +68,8 @@ ALLOWED_TAGS_SNIPPET = [ 'strike', 's', # Update doc/user/markdown.rst if you change this! -] -ALLOWED_TAGS = ALLOWED_TAGS_SNIPPET + [ +} +ALLOWED_TAGS = ALLOWED_TAGS_SNIPPET | { 'blockquote', 'li', 'ol', @@ -91,7 +91,7 @@ ALLOWED_TAGS = ALLOWED_TAGS_SNIPPET + [ 'h6', 'pre', # Update doc/user/markdown.rst if you change this! -] +} ALLOWED_ATTRIBUTES = { 'a': ['href', 'title', 'class'], @@ -106,7 +106,7 @@ ALLOWED_ATTRIBUTES = { # Update doc/user/markdown.rst if you change this! } -ALLOWED_PROTOCOLS = ['http', 'https', 'mailto', 'tel'] +ALLOWED_PROTOCOLS = {'http', 'https', 'mailto', 'tel'} URL_RE = SimpleLazyObject(lambda: build_url_re(tlds=sorted(tld_set, key=len, reverse=True))) @@ -211,9 +211,9 @@ class CleanPostprocessor(Postprocessor): def run(self, text): return bleach.clean( text, - tags=self.tags, + tags=set(self.tags), attributes=self.attributes, - protocols=self.protocols, + protocols=set(self.protocols), strip=self.strip ) 
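Review bot: `ALLOWED_TAGS_SNIPPET`, `ALLOWED_TAGS` and `ALLOWED_PROTOCOLS` in `rich_text.py` (hunks at -54, -68, -91 and -106) stay mutable module-level objects, and `ALLOWED_TAGS` is also the default for `allowed_tags` in `markdown_compile_email`. An in-place `ALLOWED_TAGS.add(...)` anywhere in the process would therefore widen the sanitizer allowlist for every caller. Wrapping the literals in `frozenset({...})` keeps `ALLOWED_TAGS_SNIPPET | {...}` and `ALLOWED_TAGS | {"img"}` working and matches the frozenset defaults that bleach 6 itself ships. The exported type also changes: code that did `ALLOWED_TAGS + [...]`, as the test in this commit did, now raises `TypeError`, which deserves a release note for plugin authors.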
@@ -308,7 +308,7 @@ def markdown_compile_email(source, allowed_tags=ALLOWED_TAGS, allowed_attributes EmailNl2BrExtension(), LinkifyAndCleanExtension( linker, - tags=allowed_tags, + tags=set(allowed_tags), attributes=allowed_attributes, protocols=ALLOWED_PROTOCOLS, strip=False, diff --git a/src/pretix/control/logdisplay.py b/src/pretix/control/logdisplay.py index d4cc6eecd9..c4176ead45 100644 --- a/src/pretix/control/logdisplay.py +++ b/src/pretix/control/logdisplay.py @@ -613,7 +613,7 @@ def pretixcontrol_logentry_display(sender: Event, logentry: LogEntry, **kwargs): if logentry.action_type == 'pretix.event.order.consent': return _('The user confirmed the following message: "{}"').format( - bleach.clean(logentry.parsed_data.get('msg'), tags=[], strip=True) + bleach.clean(logentry.parsed_data.get('msg'), tags=set(), strip=True) ) if logentry.action_type == 'pretix.event.order.canceled': diff --git a/src/pretix/plugins/checkinlists/exporters.py b/src/pretix/plugins/checkinlists/exporters.py index f7749f6325..f42ef7eb2b 100644 --- a/src/pretix/plugins/checkinlists/exporters.py +++ b/src/pretix/plugins/checkinlists/exporters.py @@ -421,7 +421,7 @@ class PDFCheckinList(ReportlabExportMixin, CheckInListMixin, BaseExporter): ) if op.seat: item += '
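Review bot: In `pretixcontrol_logentry_display`, `logentry.parsed_data.get('msg')` is passed straight into `bleach.clean`, which raises `TypeError` for any argument that is not a `str`. A consent log entry without a `msg` key would therefore break rendering of the log view rather than show an empty quote. If that case can occur (not visible from this hunk), `bleach.clean(logentry.parsed_data.get('msg') or '', tags=set(), strip=True)` would make it safe. The function body starts and continues outside the hunk.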
' + str(op.seat) - name = bleach.clean(str(name), tags=['br']).strip().replace('
', '
') + name = bleach.clean(str(name), tags={'br'}).strip().replace('
', '
') if op.blocked: name = '[' + _('Blocked') + '] ' + name row = [ @@ -430,7 +430,7 @@ class PDFCheckinList(ReportlabExportMixin, CheckInListMixin, BaseExporter): '✘' if op.order.status != Order.STATUS_PAID else '✔', op.order.code, Paragraph(name, self.get_style()), - Paragraph(bleach.clean(str(item), tags=['br']).strip().replace('
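Review bot: The expression `bleach.clean(..., tags={'br'}).strip().replace(...)` is now written out three times in `PDFCheckinList`: for `name` here, for `item` in the hunk at -430 and for `txt` in the hunk at -440. Since this is the only sanitising step before the text reaches reportlab's `Paragraph`, a small private helper on the class would keep the allowlist and the line-break normalisation in one place. A later change could then not update two of the call sites and miss the third. The enclosing method starts and ends outside these hunks.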
', '
'), self.get_style()), + Paragraph(bleach.clean(str(item), tags={'br'}).strip().replace('
', '
'), self.get_style()), ] acache = {} if op.addon_to: @@ -440,7 +440,7 @@ class PDFCheckinList(ReportlabExportMixin, CheckInListMixin, BaseExporter): acache[a.question_id] = format_answer_for_export(a) for q in questions: txt = acache.get(q.pk, '') - txt = bleach.clean(txt, tags=['br']).strip().replace('
', '
') + txt = bleach.clean(txt, tags={'br'}).strip().replace('
', '
') p = Paragraph(txt, self.get_style()) while p.wrap(colwidths[len(row)], 5000)[1] > 50 * mm: txt = txt[:len(txt) - 50] + "..." diff --git a/src/pretix/plugins/sendmail/views.py b/src/pretix/plugins/sendmail/views.py index be5c18c688..c3d85c2c6d 100644 --- a/src/pretix/plugins/sendmail/views.py +++ b/src/pretix/plugins/sendmail/views.py @@ -198,7 +198,7 @@ class BaseSenderView(EventPermissionRequiredMixin, FormView): escape(v.render_sample(self.request.event)) ) - subject = bleach.clean(form.cleaned_data['subject'].localize(l), tags=[]) + subject = bleach.clean(form.cleaned_data['subject'].localize(l), tags=set()) preview_subject = prefix_subject(self.request.event, format_map(subject, context_dict), highlight=True) message = form.cleaned_data['message'].localize(l) preview_text = markdown_compile_email(format_map(message, context_dict)) @@ -616,7 +616,7 @@ class CreateRule(EventPermissionRequiredMixin, CreateView): escape(v.render_sample(self.request.event)) ) - subject = bleach.clean(form.cleaned_data['subject'].localize(l), tags=[]) + subject = bleach.clean(form.cleaned_data['subject'].localize(l), tags=set()) preview_subject = prefix_subject(self.request.event, format_map(subject, context_dict), highlight=True) template = form.cleaned_data['template'].localize(l) preview_text = markdown_compile_email(format_map(template, context_dict)) @@ -692,7 +692,7 @@ class UpdateRule(EventPermissionRequiredMixin, UpdateView): escape(v.render_sample(self.request.event)) ) - subject = bleach.clean(self.object.subject.localize(lang), tags=[]) + subject = bleach.clean(self.object.subject.localize(lang), tags=set()) preview_subject = prefix_subject(self.request.event, format_map(subject, placeholders), highlight=True) template = self.object.template.localize(lang) preview_text = markdown_compile_email(format_map(template, placeholders)) diff --git a/src/tests/base/test_rich_text.py b/src/tests/base/test_rich_text.py index 6a952ad2e6..cfec1df683 100644 
--- a/src/tests/base/test_rich_text.py +++ b/src/tests/base/test_rich_text.py @@ -137,7 +137,7 @@ def test_markdown_email_custom_allowlist(): source = "![my image](https://example.org/my-image.jpg)" html = markdown_compile_email( source, - allowed_tags=ALLOWED_TAGS + ["img"], + allowed_tags=ALLOWED_TAGS | {"img"}, allowed_attributes=dict(ALLOWED_ATTRIBUTES, img=["src", "alt", "title"]), ) assert html == '

my image

'
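Review bot: After this change `test_markdown_email_custom_allowlist` only exercises the set form, `ALLOWED_TAGS | {"img"}`. `markdown_compile_email` now wraps its argument in `set(allowed_tags)`, so a list still works, and callers written against the old list constant depend on that path. A second call with `allowed_tags=list(ALLOWED_TAGS) + ["img"]` asserting the same HTML would pin it, so that a later cleanup of the `set(...)` wrapper cannot silently break those callers.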