python/python-lxml
SHA256
14
0
Fork 0
forked from pool/python-lxml
Code Pull Requests Activity

- update to 4.6.2:

Browse Source 
* A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner by Yaniv Nizry,
  which allowed JavaScript to pass through.  The cleaner now removes more sneaky
  "style" content.
* A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry, which allowed
  JavaScript to pass through.  The cleaner now removes more sneaky "style" content.
* GH#310: ``lxml.html.InputGetter`` supports ``__len__()`` to count the number of input fields.
  Patch by Aidan Woolley.
* ``lxml.html.InputGetter`` has a new ``.items()`` method to ease processing all input fields.
* ``lxml.html.InputGetter.keys()`` now returns the field names in document order.
* GH-309: The API documentation is now generated using ``sphinx-apidoc``.
* LP#1869455: C14N 2.0 serialisation failed for unprefixed attributes
  when a default namespace was defined.
* ``TreeBuilder.close()`` raised ``AssertionError`` in some error cases where it
  should have raised ``XMLSyntaxError``.  It now raises a combined exception to
  keep up backwards compatibility, while switching to ``XMLSyntaxError`` as an
  interface.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-lxml?expand=0&rev=143
This commit is contained in:
Dirk Mueller
2021-01-24 10:59:08 +00:00
committed by Git OBS Bridge
parent 74f88011c9
commit fa2fc0c2a7
4 changed files with 27 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
python-lxml.changes
View File

@@ -1,3 +1,24 @@
-------------------------------------------------------------------
Sun Jan 24 10:21:16 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 4.6.2:
* A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner by Yaniv Nizry,
which allowed JavaScript to pass through. The cleaner now removes more sneaky
"style" content.
* A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry, which allowed
JavaScript to pass through. The cleaner now removes more sneaky "style" content.
* GH#310: ``lxml.html.InputGetter`` supports ``__len__()`` to count the number of input fields.
Patch by Aidan Woolley.
* ``lxml.html.InputGetter`` has a new ``.items()`` method to ease processing all input fields.
* ``lxml.html.InputGetter.keys()`` now returns the field names in document order.
* GH-309: The API documentation is now generated using ``sphinx-apidoc``.
* LP#1869455: C14N 2.0 serialisation failed for unprefixed attributes
when a default namespace was defined.
* ``TreeBuilder.close()`` raised ``AssertionError`` in some error cases where it
should have raised ``XMLSyntaxError``. It now raises a combined exception to
keep up backwards compatibility, while switching to ``XMLSyntaxError`` as an
interface.
-------------------------------------------------------------------
Fri Jul 17 07:30:50 UTC 2020 - Dirk Mueller <dmueller@suse.com>