##// END OF EJS Templates
bleach: moved clean out of the catch context, so we no longer allow sanitizer to be bypassed....
marcink -
r2992:63458594 default
parent child Browse files
Show More
@@ -146,15 +146,15 b' self: super: {'
146 146 };
147 147 };
148 148 "bleach" = super.buildPythonPackage {
149 name = "bleach-2.1.3";
149 name = "bleach-2.1.4";
150 150 doCheck = false;
151 151 propagatedBuildInputs = [
152 152 self."six"
153 153 self."html5lib"
154 154 ];
155 155 src = fetchurl {
156 url = "https://files.pythonhosted.org/packages/eb/ea/58428609442130dc31d3a59010bf6cbd263a16c589d01d23b7c1e6997e3b/bleach-2.1.3.tar.gz";
157 sha256 = "0i4sga1rlnn0qaf9y52i31bk2isd2f5q6jlxrvci179l6bv8cwzb";
156 url = "https://files.pythonhosted.org/packages/7a/b7/fa555afb61462b030abaf9ed1479b8ea031510f58c7706b06113be9f82ea/bleach-2.1.4.tar.gz";
157 sha256 = "1n337zbdml6z6zia0b1qgv6xiddx3qlwmcg9vk2mk60jcxhmzs8f";
158 158 };
159 159 meta = {
160 160 license = [ pkgs.lib.licenses.asl20 ];
@@ -101,7 +101,7 b' zope.interface==4.5.0'
101 101 # entrypoints backport, pypi version doesn't support egg installs
102 102 https://code.rhodecode.com/upstream/entrypoints/archive/96e6d645684e1af3d7df5b5272f3fe85a546b233.tar.gz?md5=7db37771aea9ac9fefe093e5d6987313#egg=entrypoints==0.2.2.rhodecode-upstream1
103 103 nbconvert==5.3.1
104 bleach==2.1.3
104 bleach==2.1.4
105 105 nbformat==4.4.0
106 106 jupyter_client==5.0.0
107 107
@@ -240,7 +240,11 b' class MarkupRenderer(object):'
240 240 from .bleach_whitelist import markdown_attrs, markdown_tags
241 241 allowed_tags = markdown_tags
242 242 allowed_attrs = markdown_attrs
243
244 try:
243 245 return bleach.clean(text, tags=allowed_tags, attributes=allowed_attrs)
246 except Exception:
247 return 'UNPARSEABLE TEXT'
244 248
245 249 @classmethod
246 250 def renderer_from_filename(cls, filename, exclude):
@@ -361,17 +365,18 b' class MarkupRenderer(object):'
361 365 if flavored:
362 366 source = cls._flavored_markdown(source)
363 367 rendered = markdown_renderer.convert(source)
364 if clean_html:
365 rendered = cls.bleach_clean(rendered)
366 return rendered
367 368 except Exception:
368 369 log.exception('Error when rendering Markdown')
369 370 if safe:
370 371 log.debug('Fallback to render in plain mode')
371 return cls.plain(source)
372 rendered = cls.plain(source)
372 373 else:
373 374 raise
374 375
376 if clean_html:
377 rendered = cls.bleach_clean(rendered)
378 return rendered
379
375 380 @classmethod
376 381 def rst(cls, source, safe=True, mentions=False, clean_html=False):
377 382 if mentions:
General Comments 0
You need to be logged in to leave comments. Login now