From 27b6113a73d06f0c715bd385a890cf508f2b46756aee13804a9e9f6ef9b9d542 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Tue, 19 Nov 2024 12:15:21 +0000 Subject: [PATCH] - update to 6.2.0: * Dropped support for Python 3.8. (#737) * Add support for Python 3.13. (#736) * Remove six depdenncy. (#618) * Update known-good versions for tinycss2. (#732) * Fix additional < followed by characters and EOF issues. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bleach?expand=0&rev=57 --- .gitattributes | 23 +++ .gitignore | 1 + bleach-6.1.0.tar.gz | 3 + bleach-6.2.0.tar.gz | 3 + de-vendor.patch | 86 ++++++++++ python-bleach.changes | 388 ++++++++++++++++++++++++++++++++++++++++++ python-bleach.spec | 75 ++++++++ strip-spaces.patch | 22 +++ 8 files changed, 601 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 bleach-6.1.0.tar.gz create mode 100644 bleach-6.2.0.tar.gz create mode 100644 de-vendor.patch create mode 100644 python-bleach.changes create mode 100644 python-bleach.spec create mode 100644 strip-spaces.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/bleach-6.1.0.tar.gz b/bleach-6.1.0.tar.gz new file mode 100644 index 0000000..cfc9b85 --- /dev/null +++ b/bleach-6.1.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0a31f1837963c41d46bbf1331b8778e1308ea0791db03cc4e7357b97cf42a8fe +size 202119 diff --git a/bleach-6.2.0.tar.gz b/bleach-6.2.0.tar.gz new file mode 100644 index 0000000..ea92a34 --- /dev/null +++ b/bleach-6.2.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:123e894118b8a599fd80d3ec1a6d4cc7ce4e5882b1317a7e1ba69b56e95f991f +size 203083 diff --git a/de-vendor.patch b/de-vendor.patch new file mode 100644 index 0000000..850ee40 --- /dev/null +++ b/de-vendor.patch @@ -0,0 +1,86 @@ +Index: bleach-6.0.0/bleach/html5lib_shim.py +=================================================================== +--- bleach-6.0.0.orig/bleach/html5lib_shim.py ++++ bleach-6.0.0/bleach/html5lib_shim.py +@@ -14,27 +14,27 @@ warnings.filterwarnings( + "ignore", + message="html5lib's sanitizer is deprecated", + category=DeprecationWarning, +- module="bleach._vendor.html5lib", ++ module="html5lib", + ) + +-from bleach._vendor.html5lib import ( # noqa: E402 module level import not at top of file ++from html5lib import ( # noqa: E402 module level import not at top of file + HTMLParser, + getTreeWalker, + ) +-from bleach._vendor.html5lib import ( ++from html5lib import ( + constants, + ) # noqa: E402 module level import not at top of file +-from bleach._vendor.html5lib.constants import ( # noqa: E402 module level import not at top of file ++from html5lib.constants import ( # noqa: E402 module level import not at top of file + namespaces, + prefixes, + ) +-from bleach._vendor.html5lib.constants import ( ++from html5lib.constants import ( + _ReparseException as ReparseException, + ) # noqa: E402 module level import not at top of file +-from bleach._vendor.html5lib.filters.base import ( ++from html5lib.filters.base import ( + Filter, + ) # noqa: E402 module level import not at top of file +-from bleach._vendor.html5lib.filters.sanitizer import ( ++from html5lib.filters.sanitizer import ( + allowed_protocols, + allowed_css_properties, + allowed_svg_properties, +@@ -42,21 +42,21 @@ from bleach._vendor.html5lib.filters.san + svg_attr_val_allows_ref, + svg_allow_local_href, + ) # noqa: E402 module level import not at top of file +-from bleach._vendor.html5lib.filters.sanitizer import ( ++from html5lib.filters.sanitizer import ( + Filter as SanitizerFilter, + ) # noqa: E402 module level import not at top of file +-from bleach._vendor.html5lib._inputstream import ( ++from html5lib._inputstream import ( + HTMLInputStream, + ) # noqa: E402 module level import not at top of file +-from bleach._vendor.html5lib.serializer import ( ++from html5lib.serializer import ( + escape, + HTMLSerializer, + ) # noqa: E402 module level import not at top of file +-from bleach._vendor.html5lib._tokenizer import ( ++from html5lib._tokenizer import ( + attributeMap, + HTMLTokenizer, + ) # noqa: E402 module level import not at top of file +-from bleach._vendor.html5lib._trie import ( ++from html5lib._trie import ( + Trie, + ) # noqa: E402 module level import not at top of file + +Index: bleach-6.0.0/tests/test_clean.py +=================================================================== +--- bleach-6.0.0.orig/tests/test_clean.py ++++ bleach-6.0.0/tests/test_clean.py +@@ -5,7 +5,7 @@ import pytest + from bleach import clean + from bleach.html5lib_shim import Filter + from bleach.sanitizer import ALLOWED_PROTOCOLS, Cleaner, NoCssSanitizerWarning +-from bleach._vendor.html5lib.constants import rcdataElements ++from html5lib.constants import rcdataElements + + + @pytest.mark.parametrize( +Index: bleach-6.0.0/bleach/parse_shim.py +=================================================================== +--- bleach-6.0.0.orig/bleach/parse_shim.py ++++ bleach-6.0.0/bleach/parse_shim.py +@@ -1 +1 @@ +-from bleach._vendor.parse import urlparse # noqa ++from urllib.parse import urlparse # noqa diff --git a/python-bleach.changes b/python-bleach.changes new file mode 100644 index 0000000..f605d98 --- /dev/null +++ b/python-bleach.changes @@ -0,0 +1,388 @@ +------------------------------------------------------------------- +Tue Nov 19 12:15:05 UTC 2024 - Dirk Müller + +- update to 6.2.0: + * Dropped support for Python 3.8. (#737) + * Add support for Python 3.13. (#736) + * Remove six depdenncy. (#618) + * Update known-good versions for tinycss2. (#732) + * Fix additional < followed by characters and EOF issues. + +------------------------------------------------------------------- +Sat Oct 28 09:50:58 UTC 2023 - Dirk Müller + +- update to 6.1.0: + * Dropped support for Python 3.7. + * Add support for Python 3.12. + * Fix linkify with arrays in querystring + * Handle more cases with < followed by character data + * Fix entities inside a tags in linkification + * Update cap for tinycss2 to <1.3 + * Updated Sphinx requirement + * Add dependabot for github actions and update github actions + +------------------------------------------------------------------- +Thu Jun 29 11:31:20 UTC 2023 - Markéta Machová + +- Add patch strip-spaces.patch (bsc#1212852) + * sent upstream: https://github.com/mozilla/bleach/pull/706 + +------------------------------------------------------------------- +Mon May 8 11:57:24 UTC 2023 - Daniel Garcia + +- Update to 6.0.0: + * bleach.clean, bleach.sanitizer.Cleaner, + bleach.html5lib_shim.BleachHTMLParser: the tags and protocols + arguments were changed from lists to sets. + * bleach.linkify, bleach.linkifier.Linker: the skip_tags and + recognized_tags arguments were changed from lists to sets. + * bleach.sanitizer.BleachSanitizerFilter: strip_allowed_elements is + now strip_allowed_tags. We now use “tags” everywhere rather than a + mishmash of “tags” in some places and “elements” in others. + # Bug fixes + * Add support for Python 3.11. (#675) + * Fix API weirness in BleachSanitizerFilter. (#649) + * We’re using “tags” instead of “elements” everywhere–no more weird + overloading of “elements” anymore. + * Also, it no longer calls the superclass constructor. + * Add warning when css_sanitizer isn’t set, but the style attribute + is allowed. (#676) + * Fix linkify handling of character entities. (#501) + * Rework dev dependencies to use requirements-dev.txt and + requirements-flake8.txt instead of extras. + * Fix project infrastructure to be tox-based so it’s easier to have + CI run the same things we’re running in development and with + flake8 in an isolated environment. + * Update action versions in CI. + * Switch to f-strings where possible. Make tests parametrized to be + easier to read/maintain. + +------------------------------------------------------------------- +Fri Apr 21 12:22:44 UTC 2023 - Dirk Müller + +- add sle15_python_module_pythons (jsc#PED-68) + +------------------------------------------------------------------- +Thu Apr 13 22:40:18 UTC 2023 - Matej Cepl + +- Make calling of %{sle15modernpython} optional. + +------------------------------------------------------------------- +Fri Mar 24 11:38:58 UTC 2023 - Daniel Garcia + +- Remove not needed dependency python-packaging + +------------------------------------------------------------------- +Thu Nov 3 09:00:37 UTC 2022 - Daniel Garcia + +- Remove not needed python-six dependency +- Remove python_module macro definition +- More specific python_sitelib in files + +------------------------------------------------------------------- +Thu Sep 29 06:58:58 UTC 2022 - Steve Kowalik + +- Update to 5.0.1: + * Add missing comma to tinycss2 require. Thank you, @shadchin! + * Add url parse tests based on wpt url tests. (#688) + * Support scheme-less urls if "https" is in allow list. (#662) + * Handle escaping ``<`` in edge cases where it doesn't start a tag. (#544) + * Correctly urlencode email address parts. Thank you, @larseggert! (#659) + * ``clean`` and ``linkify`` now preserve the order of HTML attributes. + * Drop support for Python 3.6. Thank you, @hugovk! (#629) + * CSS sanitization in style tags is completely different now. + * Python 3.9 support + * Drop support for unsupported Python versions <3.6. (#520) + * add more tests for CVE-2021-23980 / GHSA-vv2x-vrpj-qqpq +- Refresh de-vendor.patch, and convert to patch level 1 + +------------------------------------------------------------------- +Tue Apr 13 09:20:21 UTC 2021 - Andreas Stieger + +- update to 3.3.0: + * Backwards incompatible change: clean escapes HTML comments + even when strip_comments=False + * Fix CVE-2021-23980: mutation XSS on bleach.clean with specific + combinations of allowed tags (boo#1184547) +- includes changes from 3.2.3: + * fix clean and linkify raising ValueErrors for certain inputs +- includes changes from 3.2.2: + * fix linkify raising an IndexError on certain inputs +- includes changes from 3.2.1: + * change linkifier to add rel="nofollow" as documented +- includes changes from 3.2.0: + * html5lib dependency increased to 1.1.0 + +------------------------------------------------------------------- +Mon Aug 31 09:15:22 UTC 2020 - Tomáš Chvátal + +- Skip tests that fail with html5lib 1.1 ref the upstream ticket + +------------------------------------------------------------------- +Wed May 6 07:12:54 UTC 2020 - Tomáš Chvátal + +- Update to 3.1.5: + * replace missing ``setuptools`` dependency with ``packaging``. Thank you Benjamin Peterson. + +------------------------------------------------------------------- +Wed Apr 1 11:18:24 UTC 2020 - Dirk Mueller + +- update to 3.1.4 (bsc#1168280, CVE-2020-6817): + * ``bleach.clean`` behavior parsing style attributes could result in a + regular expression denial of service (ReDoS). + Calls to ``bleach.clean`` with an allowed tag with an allowed + ``style`` attribute were vulnerable to ReDoS. For example, + ``bleach.clean(..., attributes={'a': ['style']})``. + * Style attributes with dashes, or single or double quoted values are + cleaned instead of passed through. + +------------------------------------------------------------------- +Mon Mar 23 10:09:15 UTC 2020 - Dirk Mueller + +- update to 3.1.3 (bsc#1167379, CVE-2020-6816): + * Add relative link to code of conduct. (#442) + * Drop deprecated 'setup.py test' support. (#507) + * Fix typo: curren -> current in tests/test_clean.py (#504) + * Test on PyPy 7 + * Drop test support for end of life Python 3.4 + * ``bleach.clean`` behavior parsing embedded MathML and SVG content + with RCDATA tags did not match browser behavior and could result in + a mutation XSS. + Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or + ``svg`` tags and one or more of the RCDATA tags ``script``, + ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or + ``xmp`` in the allowed tags whitelist were vulnerable to a mutation + XSS. + +------------------------------------------------------------------- +Fri Feb 28 16:13:43 UTC 2020 - Alexandros Toptsoglou + +- Update to V3.1.1: Security update for CVE-2020-6802 + + * CVE-2020-6802: Fixed mutation XSS vulnerabilities (bsc#1165303). + +------------------------------------------------------------------- +Wed Jan 8 10:35:41 CET 2020 - Matej Cepl + +- Switch off test_uri_value_allowed_protocols test to work around + gh#mozilla/bleach#503. + +------------------------------------------------------------------- +Fri Jul 19 12:02:58 UTC 2019 - Tomáš Chvátal + +- Restrict pytest to <5.0; upstream has an issue already reported + +------------------------------------------------------------------- +Sun Mar 3 09:14:50 UTC 2019 - John Vandenberg + +- Add de-vendor.patch to avoid new vendoring of html5lib in v3.1.0 +- Remove direct dependency on webencodings, a dependency of html5lib +- Update to v3.1.0 + * Add ``recognized_tags`` argument to the linkify ``Linker`` class. This + fixes issues when linkifying on its own and having some tags get escaped. + It defaults to a list of HTML5 tags + * Add ``six>=1.9`` to requirements + * Fix cases where attribute names could have invalid characters in them. + * Fix problems with ``LinkifyFilter`` not being able to match links + across ``&``. + * Fix ``InputStreamWithMemory`` when the ``BleachHTMLParser`` is + parsing ``meta`` tags + * Fix doctests. +- from v3.0.2 + * Merge ``Characters`` tokens after sanitizing them. This fixes issues + in the ``LinkifyFilter`` where it was only linkifying parts of urls +- from v3.0.1 + * Support Python 3.7. It supported Python 3.7 just fine, but 3.7 was + added to the list of Python environments being test + * Fix ``list`` object has no attribute ``lower`` in ``clean`` + * Fix ``abbr`` getting escaped in ``linkify`` +- from v3.0.0 + * [breaking] A bunch of functions were moved from one module to another. + These were moved from ``bleach.sanitizer`` to ``bleach.html5lib_shim``: + + convert_entity + + convert_entities + + match_entity + + next_possible_entity + + BleachHTMLSerializer + + BleachHTMLTokenizer + + BleachHTMLParser + These functions and classes weren't documented and aren't part of the + public API, but people read code and might be using them so we're + considering it an incompatible API change. + If you're using them, you'll need to update your code. + * Bleach no longer depends on html5lib. html5lib==1.0.1 is now vendored into + Bleach. You can remove it from your requirements file if none of your other + requirements require html5lib. + This means Bleach will now work fine with other libraries that depend on + html5lib regardless of what version of html5lib they require. + * Fixed tags getting added when using clean or linkify. This was a + long-standing regression from the Bleach 2.0 rewrite + * Fixed ```` getting replaced with a string. Now it gets escaped or + stripped depending on whether it's in the allowed tags or not +- from v2.1.4 + * Dropped support for Python 3.3 + * Handle ambiguous ampersands in correctly + +------------------------------------------------------------------- +Wed Dec 5 01:56:44 UTC 2018 - Jan Engelhardt + +- Trim rhetorics and bias from descriptions. + +------------------------------------------------------------------- +Tue Dec 4 12:46:11 UTC 2018 - Matej Cepl + +- Remove superfluous devel dependency for noarch package + +------------------------------------------------------------------- +Tue Mar 20 08:38:36 UTC 2018 - kbabioch@suse.com + +- Update to version 2.1.3: + * Attributes that have URI values weren't properly sanitized if the + values contained character entities. Using character entities, it + was possible to construct a URI value with a scheme that was not + allowed that would slide through unsanitized. + (CVE-2018-7753 bnc#1085969) + +------------------------------------------------------------------- +Thu Dec 7 16:50:14 UTC 2017 - arun@gmx.de + +- specfile: + * update copyright year + +- update to version 2.1.2: + * Bug fixes + + Support html5lib-python 1.0.1. (#337) + + Add deprecation warning for supporting html5lib-python < 1.0. + + Switch to semver. + +------------------------------------------------------------------- +Sat Nov 11 17:17:50 UTC 2017 - arun@gmx.de + +- specfile: + * update copyright year + +- update to version 2.1.1: + * Bug fixes + + Fix setup.py opening files when LANG=. (#324) + +- changes from version 2.1: + * Security fixes + + Convert control characters (backspace particularly) to “?” + preventing malicious copy-and-paste situations. (#298) + See https://github.com/mozilla/bleach/issues/298 for more details. + This affects all previous versions of Bleach. Check the comments + on that issue for ways to alleviate the issue if you can’t + upgrade to Bleach 2.1. + * Backwards incompatible changes + + Redid versioning. bleach.VERSION is no longer available. Use the + string version at bleach.__version__ and parse it with + pkg_resources.parse_version. (#307) + + clean, linkify: linkify and clean should only accept text types; + thank you, Janusz! (#292) + + clean, linkify: accept only unicode or utf-8-encoded str (#176) + * Bug fixes + + bleach.clean() no longer unescapes entities including ones that + are missing a ; at the end which can happen in urls and other + places. (#143) + + linkify: fix http links inside of mailto links; thank you, + sedrubal! (#300) + + clarify security policy in docs (#303) + + fix dependency specification for html5lib 1.0b8, 1.0b9, and + 1.0b10; thank you, Zoltán! (#268) + + add Bleach vs. html5lib comparison to README; thank you, Stu + Cox! (#278) + + fix KeyError exceptions on tags without href attr; thank you, + Alex Defsen! (#273) + + add test website and scripts to test bleach.clean() output in + browser; thank you, Greg Guthe! + +------------------------------------------------------------------- +Wed Apr 12 15:15:17 UTC 2017 - toddrme2178@gmail.com + +- Fix source URL. + +------------------------------------------------------------------- +Thu Apr 6 17:49:43 UTC 2017 - toddrme2178@gmail.com + +- Update to Version 2.0.0 + + Backwards incompatible changes + * Removed support for Python 2.6. #206 + * Removed support for Python 3.2. #224 + * Bleach no longer supports html5lib < 0.99999999 (8 9s). + * ``bleach.clean`` and friends were rewrittenped. + * ``bleach.clean`` and friends attribute callables now take three arguments: + tag, attribute name and attribute value. Previously they only took attribute + name and attribute value. + * ``bleach.linkify`` was rewritten + * ``bleach.linkify`` and friends had a ``skip_pre`` argument--that's been + replaced with a more general ``skip_tags`` argument. + + Changes + * Supports Python 3.6. + * Supports html5lib >= 0.99999999 (8 9s). + * There's a ``bleach.sanitizer.Cleaner`` class that you can instantiate with your + favorite clean settings for easy reuse. + * There's a ``bleach.linkifier.Linker`` class that you can instantiate with your + favorite linkify settings for easy reuse. + * There's a ``bleach.linkifier.LinkifyFilter`` which is an htm5lib filter that + you can pass as a filter to ``bleach.sanitizer.Cleaner`` allowing you to clean + and linkify in one pass. + * ``bleach.clean`` and friends can now take a callable as an attributes arg value. + * Tons of bug fixes. + * Cleaned up tests. + * Documentation fixes. +- Update to Version 1.5 + + Backwards incompatible changes + * clean: The list of ``ALLOWED_PROTOCOLS`` now defaults to http, https and + mailto. + + Changes + * clean: Added ``protocols`` to arguments list to let you override the list of + allowed protocols. Thank you, Andreas Malecki! #149 + * linkify: Fix a bug involving periods at the end of an email address. Thank you, + Lorenz Schori! #219 + * linkify: Fix linkification of non-ascii ports. Thank you Alexandre, Macabies! + #207 + * linkify: Fix linkify inappropriately removing node tails when dropping nodes. + #132 + * Fixed a test that failed periodically. #161 + * Switched from nose to py.test. #204 + * Add test matrix for all supported Python and html5lib versions. #230 + * Limit to html5lib ``>=0.999,!=0.9999,!=0.99999,<0.99999999`` because 0.9999 + and 0.99999 are busted. + * Add support for ``python setup.py test``. #97 +- Update to Version 1.4.3 (May 23rd, 2016) + + Changes + * Limit to html5lib ``>=0.999,<0.99999999`` because of impending change to + sanitizer api. #195 +- Update to Version 1.4.2 + + Changes + * linkify: Fix hang in linkify with ``parse_email=True``. #124 + * linkify: Fix crash in linkify when removing a link that is a first-child. #136 + * Updated TLDs. + * linkify: Don't remove exterior brackets when linkifying. #146 +- Implemenet single-spec version + +------------------------------------------------------------------- +Thu Sep 3 14:39:11 UTC 2015 - toddrme2178@gmail.com + +- Fix build on SLE 11 + +------------------------------------------------------------------- +Fri Aug 7 22:19:47 UTC 2015 - hpj@urpla.net + +- eabled checks again: don't know, why they failed in the first place + +------------------------------------------------------------------- +Thu Jul 30 09:34:52 UTC 2015 - hpj@urpla.net + +- disabled checks: developer unresponsive + +------------------------------------------------------------------- +Wed Jun 17 18:11:49 UTC 2015 - hpj@urpla.net + +- updated to version 1.4.1 + +------------------------------------------------------------------- +Mon May 26 22:28:56 UTC 2014 - hpj@urpla.net + +- version 1.4: initial build + diff --git a/python-bleach.spec b/python-bleach.spec new file mode 100644 index 0000000..fd55a00 --- /dev/null +++ b/python-bleach.spec @@ -0,0 +1,75 @@ +# +# spec file for package python-bleach +# +# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2015 LISA GmbH, Bingen, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%{?sle15_python_module_pythons} +Name: python-bleach +Version: 6.2.0 +Release: 0 +Summary: A whitelist-based HTML-sanitizing tool +License: Apache-2.0 +URL: https://github.com/jsocol/bleach +Source: https://files.pythonhosted.org/packages/source/b/bleach/bleach-%{version}.tar.gz +Patch0: de-vendor.patch +# https://github.com/mozilla/bleach/pull/706 +Patch1: strip-spaces.patch +BuildRequires: %{python_module html5lib >= 1.1} +BuildRequires: %{python_module pytest} +BuildRequires: %{python_module setuptools} +BuildRequires: fdupes +BuildRequires: python-rpm-macros +Requires: python-html5lib >= 1.1 +BuildArch: noarch +%python_subpackages + +%description +Bleach is an HTML sanitation library that escapes or strips markup and +attributes based on a white list. Bleach can also linkify text safely, applying +filters that Django's ``urlize`` filter cannot, and optionally setting ``rel`` +attributes, even on links already in the text. + +Bleach is intended for sanitizing text from *untrusted* sources. + +Because it relies on html5lib, Bleach is as good as modern browsers at dealing +with weird, quirky HTML fragments. Bleach's methods will fix +unbalanced or mis-nested tags. + +Documentation is at http://bleach.readthedocs.org/ . + +%prep +%autosetup -p1 -n bleach-%{version} +rm -rf bleach/_vendor + +%build +%python_build + +%install +%python_install +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%check +# gh#mozilla/bleach#503 +%pytest -k 'not test_uri_value_allowed_protocols' + +%files %{python_files} +%license LICENSE +%doc CHANGES README.rst +%{python_sitelib}/bleach +%{python_sitelib}/bleach-%{version}*-info + +%changelog diff --git a/strip-spaces.patch b/strip-spaces.patch new file mode 100644 index 0000000..3c9ec06 --- /dev/null +++ b/strip-spaces.patch @@ -0,0 +1,22 @@ +Index: bleach-6.0.0/tests/test_parse_shim.py +=================================================================== +--- bleach-6.0.0.orig/tests/test_parse_shim.py ++++ bleach-6.0.0/tests/test_parse_shim.py +@@ -48,14 +48,12 @@ class ParseResult: + ParseResult(scheme="non-special", netloc=":@test", path="/x"), + ), + ("http:foo.com", ParseResult(scheme="http", path="foo.com")), +- # NOTE(willkg): The wpt tests set the scheme to http becaue that's what ++ # NOTE(willkg): The wpt tests set the scheme to http because that's what + # the base url is. Since our parser is not using a baseurl, it sets the +- # scheme to "". Further, our parser includes spaces at the beginning, +- # but I don't see that as being problematic. +- ("\t :foo.com \n", ParseResult(path=" :foo.com ")), ++ # scheme to "". + # NOTE(willkg): The wpt tests set the path to "/foo/foo.com" because + # the base url is at "/foo" +- (" foo.com ", ParseResult(path=" foo.com ")), ++ ("foo.com ", ParseResult(path="foo.com ")), + ("a:\t foo.com", ParseResult(scheme="a", path=" foo.com")), + ( + "http://f:21/ b ? d # e ",