------------------------------------------------------------------- Tue Dec 4 12:46:11 UTC 2018 - Matej Cepl - Remove superfluous devel dependency for noarch package ------------------------------------------------------------------- Tue Mar 20 08:38:36 UTC 2018 - kbabioch@suse.com - Update to version 2.1.3: * Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized. (CVE-2018-7753 bnc#1085969) ------------------------------------------------------------------- Thu Dec 7 16:50:14 UTC 2017 - arun@gmx.de - specfile: * update copyright year - update to version 2.1.2: * Bug fixes + Support html5lib-python 1.0.1. (#337) + Add deprecation warning for supporting html5lib-python < 1.0. + Switch to semver. ------------------------------------------------------------------- Sat Nov 11 17:17:50 UTC 2017 - arun@gmx.de - specfile: * update copyright year - update to version 2.1.1: * Bug fixes + Fix setup.py opening files when LANG=. (#324) - changes from version 2.1: * Security fixes + Convert control characters (backspace particularly) to “?” preventing malicious copy-and-paste situations. (#298) See https://github.com/mozilla/bleach/issues/298 for more details. This affects all previous versions of Bleach. Check the comments on that issue for ways to alleviate the issue if you can’t upgrade to Bleach 2.1. * Backwards incompatible changes + Redid versioning. bleach.VERSION is no longer available. Use the string version at bleach.__version__ and parse it with pkg_resources.parse_version. (#307) + clean, linkify: linkify and clean should only accept text types; thank you, Janusz! (#292) + clean, linkify: accept only unicode or utf-8-encoded str (#176) * Bug fixes + bleach.clean() no longer unescapes entities including ones that are missing a ; at the end which can happen in urls and other places. (#143) + linkify: fix http links inside of mailto links; thank you, sedrubal! (#300) + clarify security policy in docs (#303) + fix dependency specification for html5lib 1.0b8, 1.0b9, and 1.0b10; thank you, Zoltán! (#268) + add Bleach vs. html5lib comparison to README; thank you, Stu Cox! (#278) + fix KeyError exceptions on tags without href attr; thank you, Alex Defsen! (#273) + add test website and scripts to test bleach.clean() output in browser; thank you, Greg Guthe! ------------------------------------------------------------------- Wed Apr 12 15:15:17 UTC 2017 - toddrme2178@gmail.com - Fix source URL. ------------------------------------------------------------------- Thu Apr 6 17:49:43 UTC 2017 - toddrme2178@gmail.com - Update to Version 2.0.0 + Backwards incompatible changes * Removed support for Python 2.6. #206 * Removed support for Python 3.2. #224 * Bleach no longer supports html5lib < 0.99999999 (8 9s). * ``bleach.clean`` and friends were rewrittenped. * ``bleach.clean`` and friends attribute callables now take three arguments: tag, attribute name and attribute value. Previously they only took attribute name and attribute value. * ``bleach.linkify`` was rewritten * ``bleach.linkify`` and friends had a ``skip_pre`` argument--that's been replaced with a more general ``skip_tags`` argument. + Changes * Supports Python 3.6. * Supports html5lib >= 0.99999999 (8 9s). * There's a ``bleach.sanitizer.Cleaner`` class that you can instantiate with your favorite clean settings for easy reuse. * There's a ``bleach.linkifier.Linker`` class that you can instantiate with your favorite linkify settings for easy reuse. * There's a ``bleach.linkifier.LinkifyFilter`` which is an htm5lib filter that you can pass as a filter to ``bleach.sanitizer.Cleaner`` allowing you to clean and linkify in one pass. * ``bleach.clean`` and friends can now take a callable as an attributes arg value. * Tons of bug fixes. * Cleaned up tests. * Documentation fixes. - Update to Version 1.5 + Backwards incompatible changes * clean: The list of ``ALLOWED_PROTOCOLS`` now defaults to http, https and mailto. + Changes * clean: Added ``protocols`` to arguments list to let you override the list of allowed protocols. Thank you, Andreas Malecki! #149 * linkify: Fix a bug involving periods at the end of an email address. Thank you, Lorenz Schori! #219 * linkify: Fix linkification of non-ascii ports. Thank you Alexandre, Macabies! #207 * linkify: Fix linkify inappropriately removing node tails when dropping nodes. #132 * Fixed a test that failed periodically. #161 * Switched from nose to py.test. #204 * Add test matrix for all supported Python and html5lib versions. #230 * Limit to html5lib ``>=0.999,!=0.9999,!=0.99999,<0.99999999`` because 0.9999 and 0.99999 are busted. * Add support for ``python setup.py test``. #97 - Update to Version 1.4.3 (May 23rd, 2016) + Changes * Limit to html5lib ``>=0.999,<0.99999999`` because of impending change to sanitizer api. #195 - Update to Version 1.4.2 + Changes * linkify: Fix hang in linkify with ``parse_email=True``. #124 * linkify: Fix crash in linkify when removing a link that is a first-child. #136 * Updated TLDs. * linkify: Don't remove exterior brackets when linkifying. #146 - Implemenet single-spec version ------------------------------------------------------------------- Thu Sep 3 14:39:11 UTC 2015 - toddrme2178@gmail.com - Fix build on SLE 11 ------------------------------------------------------------------- Fri Aug 7 22:19:47 UTC 2015 - hpj@urpla.net - eabled checks again: don't know, why they failed in the first place ------------------------------------------------------------------- Thu Jul 30 09:34:52 UTC 2015 - hpj@urpla.net - disabled checks: developer unresponsive ------------------------------------------------------------------- Wed Jun 17 18:11:49 UTC 2015 - hpj@urpla.net - updated to version 1.4.1 ------------------------------------------------------------------- Mon May 26 22:28:56 UTC 2014 - hpj@urpla.net - version 1.4: initial build