bleach: moved clean out of the catch context, so we no longer allow sanitizer to be bypassed....
marcink -
r2992:63458594 default
@@ -146,15 +146,15 b' self: super: {'
146 };
146 };
147 };
147 };
148 "bleach" = super.buildPythonPackage {
148 "bleach" = super.buildPythonPackage {
149 name = "bleach-2.1.3";
149 name = "bleach-2.1.4";
150 doCheck = false;
150 doCheck = false;
151 propagatedBuildInputs = [
151 propagatedBuildInputs = [
152 self."six"
152 self."six"
153 self."html5lib"
153 self."html5lib"
154 ];
154 ];
155 src = fetchurl {
155 src = fetchurl {
156 url = "https://files.pythonhosted.org/packages/eb/ea/58428609442130dc31d3a59010bf6cbd263a16c589d01d23b7c1e6997e3b/bleach-2.1.3.tar.gz";
156 url = "https://files.pythonhosted.org/packages/7a/b7/fa555afb61462b030abaf9ed1479b8ea031510f58c7706b06113be9f82ea/bleach-2.1.4.tar.gz";
157 sha256 = "0i4sga1rlnn0qaf9y52i31bk2isd2f5q6jlxrvci179l6bv8cwzb";
157 sha256 = "1n337zbdml6z6zia0b1qgv6xiddx3qlwmcg9vk2mk60jcxhmzs8f";
158 };
158 };
159 meta = {
159 meta = {
160 license = [ pkgs.lib.licenses.asl20 ];
160 license = [ pkgs.lib.licenses.asl20 ];
@@ -101,7 +101,7 b' zope.interface==4.5.0'
101 # entrypoints backport, pypi version doesn't support egg installs
101 # entrypoints backport, pypi version doesn't support egg installs
102 https://code.rhodecode.com/upstream/entrypoints/archive/96e6d645684e1af3d7df5b5272f3fe85a546b233.tar.gz?md5=7db37771aea9ac9fefe093e5d6987313#egg=entrypoints==0.2.2.rhodecode-upstream1
102 https://code.rhodecode.com/upstream/entrypoints/archive/96e6d645684e1af3d7df5b5272f3fe85a546b233.tar.gz?md5=7db37771aea9ac9fefe093e5d6987313#egg=entrypoints==0.2.2.rhodecode-upstream1
103 nbconvert==5.3.1
103 nbconvert==5.3.1
104 bleach==2.1.3
104 bleach==2.1.4
105 nbformat==4.4.0
105 nbformat==4.4.0
106 jupyter_client==5.0.0
106 jupyter_client==5.0.0
107
107
@@ -240,7 +240,11 b' class MarkupRenderer(object):'
240 from .bleach_whitelist import markdown_attrs, markdown_tags
240 from .bleach_whitelist import markdown_attrs, markdown_tags
241 allowed_tags = markdown_tags
241 allowed_tags = markdown_tags
242 allowed_attrs = markdown_attrs
242 allowed_attrs = markdown_attrs
243
244 try:
243 return bleach.clean(text, tags=allowed_tags, attributes=allowed_attrs)
245 return bleach.clean(text, tags=allowed_tags, attributes=allowed_attrs)
246 except Exception:
247 return 'UNPARSEABLE TEXT'
244
248
245 @classmethod
249 @classmethod
246 def renderer_from_filename(cls, filename, exclude):
250 def renderer_from_filename(cls, filename, exclude):
@@ -361,17 +365,18 b' class MarkupRenderer(object):'
361 if flavored:
365 if flavored:
362 source = cls._flavored_markdown(source)
366 source = cls._flavored_markdown(source)
363 rendered = markdown_renderer.convert(source)
367 rendered = markdown_renderer.convert(source)
364 if clean_html:
365 rendered = cls.bleach_clean(rendered)
366 return rendered
367 except Exception:
368 except Exception:
368 log.exception('Error when rendering Markdown')
369 log.exception('Error when rendering Markdown')
369 if safe:
370 if safe:
370 log.debug('Fallback to render in plain mode')
371 log.debug('Fallback to render in plain mode')
371 return cls.plain(source)
372 rendered = cls.plain(source)
372 else:
373 else:
373 raise
374 raise
374
375
376 if clean_html:
377 rendered = cls.bleach_clean(rendered)
378 return rendered
379
375 @classmethod
380 @classmethod
376 def rst(cls, source, safe=True, mentions=False, clean_html=False):
381 def rst(cls, source, safe=True, mentions=False, clean_html=False):
377 if mentions:
382 if mentions:
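Review bot: The new `except Exception:` in bleach_clean (new lines 246-247) returns 'UNPARSEABLE TEXT' without recording anything, so a sanitizer failure, whether triggered by unusual input or by a regression after the bleach 2.1.4 bump, is invisible to whoever operates the instance. Failing closed is the right behaviour and should stay; I would add `log.exception('Error when sanitizing markup')` before the return, using the same `log` object the Markdown handler in the second hunk already calls. Separately, `rst()` takes the same `clean_html` flag and its body lies outside this hunk, so it is worth confirming that its sanitizer call is not still inside a try block with an unsanitized `cls.plain(source)` fallback, which is the pattern this commit removes from the Markdown path. The signature of bleach_clean is also outside the hunk.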