python-bleach

pool/python-bleach

SHA256

Fork 1

Commit Graph

Author	SHA256	Message	Date
Dirk Mueller	2cc23971a9	- update to 3.1.3 (bsc#1167379): * Add relative link to code of conduct. (#442) * Drop deprecated 'setup.py test' support. (#507) * Fix typo: curren -> current in tests/test_clean.py (#504) * Test on PyPy 7 * Drop test support for end of life Python 3.4 * ``bleach.clean`` behavior parsing embedded MathML and SVG content with RCDATA tags did not match browser behavior and could result in a mutation XSS. Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or ``svg`` tags and one or more of the RCDATA tags ``script``, ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or ``xmp`` in the allowed tags whitelist were vulnerable to a mutation XSS. This security issue was confirmed in Bleach version v3.1.1. Earlier versions are likely affected too. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bleach?expand=0&rev=32	2020-03-23 10:22:56 +00:00
Tomáš Chvátal	b1e5f6a0bb	Accepting request 681074 from home:jayvdb:noflake8 - Add de-vendor.patch to avoid new vendoring of html5lib in v3.1.0 - Remove direct dependency on webencodings, a dependency of html5lib - Update to v3.1.0 OBS-URL: https://build.opensuse.org/request/show/681074 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bleach?expand=0&rev=24	2019-03-03 12:34:08 +00:00

Author

SHA256

Message

Date

Dirk Mueller

2cc23971a9

- update to 3.1.3 (bsc#1167379):

* Add relative link to code of conduct. (#442)
  * Drop deprecated 'setup.py test' support. (#507)
  * Fix typo: curren -> current in tests/test_clean.py (#504)
  * Test on PyPy 7
  * Drop test support for end of life Python 3.4
  * ``bleach.clean`` behavior parsing embedded MathML and SVG content
    with RCDATA tags did not match browser behavior and could result in
    a mutation XSS.
    Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or
    ``svg`` tags and one or more of the RCDATA tags ``script``,
    ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or
    ``xmp`` in the allowed tags whitelist were vulnerable to a mutation
    XSS.
    This security issue was confirmed in Bleach version v3.1.1. Earlier
    versions are likely affected too.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bleach?expand=0&rev=32

2020-03-23 10:22:56 +00:00

Tomáš Chvátal

b1e5f6a0bb

Accepting request 681074 from home:jayvdb:noflake8

- Add de-vendor.patch to avoid new vendoring of html5lib in v3.1.0
- Remove direct dependency on webencodings, a dependency of html5lib
- Update to v3.1.0

OBS-URL: https://build.opensuse.org/request/show/681074
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bleach?expand=0&rev=24

2019-03-03 12:34:08 +00:00

2 Commits