Replace {django-,}bleach with {django-,}nh3, as bleach is now deprecated

https://bluesock.org/~willkg/blog/dev/bleach_6_0_0_deprecation.html
nh3/ammonia is faster anyway. django-nh3 is not yet feature complete,
but cmsmanage was only using the template tag anyway
This commit is contained in:
Adam Goldsmith 2023-12-30 12:21:33 -05:00
parent d7e919f6f0
commit 02986bdabc
5 changed files with 46 additions and 53 deletions

View File

@ -37,7 +37,7 @@ INSTALLED_APPS = [
"rest_framework", "rest_framework",
"rest_framework.authtoken", "rest_framework.authtoken",
"django_q", "django_q",
"django_bleach", "django_nh3",
"tasks.apps.TasksConfig", "tasks.apps.TasksConfig",
"rentals.apps.RentalsConfig", "rentals.apps.RentalsConfig",
"membershipworks.apps.MembershipworksConfig", "membershipworks.apps.MembershipworksConfig",

View File

@ -1,6 +1,6 @@
{% extends "base.dj.html" %} {% extends "base.dj.html" %}
{% load bleach_tags %} {% load nh3_tags %}
{% block title %}Upcoming Events{% endblock %} {% block title %}Upcoming Events{% endblock %}
{% block content %} {% block content %}
@ -73,11 +73,11 @@
{# djlint:off H006 #} {# djlint:off H006 #}
<img class="{% cycle 'alignleft' 'alignright' %}" <img class="{% cycle 'alignleft' 'alignright' %}"
width="400" width="400"
alt="Image for {{ event.ttl|bleach }}" alt="Image for {{ event.ttl|nh3 }}"
src="{{ event.lgo.l }}"> src="{{ event.lgo.l }}">
{# djlint:on #} {# djlint:on #}
{% endif %} {% endif %}
<span>{{ event.ttl|bleach }}</span> <span>{{ event.ttl|nh3 }}</span>
</a> </a>
</h2> </h2>
<!-- /wp:heading --> <!-- /wp:heading -->
@ -92,7 +92,7 @@
<!-- /wp:paragraph --> <!-- /wp:paragraph -->
{% if not section.truncate %} {% if not section.truncate %}
<!-- wp:tadv/classic-paragraph --> <!-- wp:tadv/classic-paragraph -->
<div>{{ event.dtl|bleach:"a,abbr,acronym,b,blockquote,code,em,i,li,ol,strong,ul,p,span,br,div" }}</div> <div>{{ event.dtl|nh3:"a,abbr,acronym,b,blockquote,code,em,i,li,ol,strong,ul,p,span,br,div" }}</div>
<!-- /wp:tadv/classic-paragraph --> <!-- /wp:tadv/classic-paragraph -->
<!-- wp:paragraph --> <!-- wp:paragraph -->
<p> <p>

View File

@ -5,7 +5,7 @@
groups = ["default", "debug", "lint", "server", "typing", "dev"] groups = ["default", "debug", "lint", "server", "typing", "dev"]
strategy = ["cross_platform"] strategy = ["cross_platform"]
lock_version = "4.4" lock_version = "4.4"
content_hash = "sha256:1f888db1da955c5ae0d98d908d6711e4982d8d734a9c7892eb42b0fcb95703f8" content_hash = "sha256:91f554bae127245b4082d069629400706b8b43daf3bf1fb8fd963eee120ff449"
[[package]] [[package]]
name = "aiohttp" name = "aiohttp"
@ -189,35 +189,6 @@ files = [
{file = "black-23.12.1.tar.gz", hash = "sha256:4ce3ef14ebe8d9509188014d96af1c456a910d5b5cbf434a09fef7e024b3d0d5"}, {file = "black-23.12.1.tar.gz", hash = "sha256:4ce3ef14ebe8d9509188014d96af1c456a910d5b5cbf434a09fef7e024b3d0d5"},
] ]
[[package]]
name = "bleach"
version = "5.0.1"
requires_python = ">=3.7"
summary = "An easy safelist-based HTML-sanitizing tool."
dependencies = [
"six>=1.9.0",
"webencodings",
]
files = [
{file = "bleach-5.0.1-py3-none-any.whl", hash = "sha256:085f7f33c15bd408dd9b17a4ad77c577db66d76203e5984b1bd59baeee948b2a"},
{file = "bleach-5.0.1.tar.gz", hash = "sha256:0d03255c47eb9bd2f26aa9bb7f2107732e7e8fe195ca2f64709fcf3b0a4a085c"},
]
[[package]]
name = "bleach"
version = "5.0.1"
extras = ["css"]
requires_python = ">=3.7"
summary = "An easy safelist-based HTML-sanitizing tool."
dependencies = [
"bleach==5.0.1",
"tinycss2<1.2,>=1.1.0",
]
files = [
{file = "bleach-5.0.1-py3-none-any.whl", hash = "sha256:085f7f33c15bd408dd9b17a4ad77c577db66d76203e5984b1bd59baeee948b2a"},
{file = "bleach-5.0.1.tar.gz", hash = "sha256:0d03255c47eb9bd2f26aa9bb7f2107732e7e8fe195ca2f64709fcf3b0a4a085c"},
]
[[package]] [[package]]
name = "brotli" name = "brotli"
version = "1.0.9" version = "1.0.9"
@ -476,20 +447,6 @@ files = [
{file = "django-autocomplete-light-3.9.7.tar.gz", hash = "sha256:a34f192ac438c4df056dbfd399550799ddc631c4661960134ded924648770373"}, {file = "django-autocomplete-light-3.9.7.tar.gz", hash = "sha256:a34f192ac438c4df056dbfd399550799ddc631c4661960134ded924648770373"},
] ]
[[package]]
name = "django-bleach"
version = "3.1.0"
requires_python = ">=3.8"
summary = "Easily use bleach with Django models and templates"
dependencies = [
"Django>=3.2",
"bleach[css]<6,>=5",
]
files = [
{file = "django-bleach-3.1.0.tar.gz", hash = "sha256:766405a32b877a5beb6b377ace0d8bbe2a7d4d6304f04542aa14fd74b14398a7"},
{file = "django_bleach-3.1.0-py2.py3-none-any.whl", hash = "sha256:8d9117ca08c182ee20daaf99abbf800154db5cdbcb66ef1252dd7bb542dcf19d"},
]
[[package]] [[package]]
name = "django-debug-toolbar" name = "django-debug-toolbar"
version = "4.2.0" version = "4.2.0"
@ -531,6 +488,19 @@ files = [
{file = "django_markdownx-4.0.7-py2.py3-none-any.whl", hash = "sha256:c1975ae3053481d4c111abd38997a5b5bb89235a1e3215f995d835942925fe7b"}, {file = "django_markdownx-4.0.7-py2.py3-none-any.whl", hash = "sha256:c1975ae3053481d4c111abd38997a5b5bb89235a1e3215f995d835942925fe7b"},
] ]
[[package]]
name = "django-nh3"
version = "0.1.1"
requires_python = ">=3.10"
summary = "Django integration with for nh3, Python binding to Ammonia HTML sanitizer Rust crate."
dependencies = [
"Django>=3.2",
"nh3",
]
files = [
{file = "django_nh3-0.1.1-py3-none-any.whl", hash = "sha256:10df44fd9c1d1bc5d88739094826c636c2c256ba9d89d17e4356280bb8e159a0"},
]
[[package]] [[package]]
name = "django-object-actions" name = "django-object-actions"
version = "4.2.0" version = "4.2.0"
@ -1192,6 +1162,29 @@ files = [
{file = "mysqlclient-2.2.1.tar.gz", hash = "sha256:2c7ad15b87293b12fd44b47c46879ec95ec647f4567e866ccd70b8337584e9b2"}, {file = "mysqlclient-2.2.1.tar.gz", hash = "sha256:2c7ad15b87293b12fd44b47c46879ec95ec647f4567e866ccd70b8337584e9b2"},
] ]
[[package]]
name = "nh3"
version = "0.2.15"
summary = "Python bindings to the ammonia HTML sanitization library."
files = [
{file = "nh3-0.2.15-cp37-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl", hash = "sha256:9c0d415f6b7f2338f93035bba5c0d8c1b464e538bfbb1d598acd47d7969284f0"},
{file = "nh3-0.2.15-cp37-abi3-macosx_10_12_x86_64.whl", hash = "sha256:6f42f99f0cf6312e470b6c09e04da31f9abaadcd3eb591d7d1a88ea931dca7f3"},
{file = "nh3-0.2.15-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ac19c0d68cd42ecd7ead91a3a032fdfff23d29302dbb1311e641a130dfefba97"},
{file = "nh3-0.2.15-cp37-abi3-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:5f0d77272ce6d34db6c87b4f894f037d55183d9518f948bba236fe81e2bb4e28"},
{file = "nh3-0.2.15-cp37-abi3-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:8d595df02413aa38586c24811237e95937ef18304e108b7e92c890a06793e3bf"},
{file = "nh3-0.2.15-cp37-abi3-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:86e447a63ca0b16318deb62498db4f76fc60699ce0a1231262880b38b6cff911"},
{file = "nh3-0.2.15-cp37-abi3-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:3277481293b868b2715907310c7be0f1b9d10491d5adf9fce11756a97e97eddf"},
{file = "nh3-0.2.15-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:60684857cfa8fdbb74daa867e5cad3f0c9789415aba660614fe16cd66cbb9ec7"},
{file = "nh3-0.2.15-cp37-abi3-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:3b803a5875e7234907f7d64777dfde2b93db992376f3d6d7af7f3bc347deb305"},
{file = "nh3-0.2.15-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:0d02d0ff79dfd8208ed25a39c12cbda092388fff7f1662466e27d97ad011b770"},
{file = "nh3-0.2.15-cp37-abi3-musllinux_1_2_armv7l.whl", hash = "sha256:f3b53ba93bb7725acab1e030bc2ecd012a817040fd7851b332f86e2f9bb98dc6"},
{file = "nh3-0.2.15-cp37-abi3-musllinux_1_2_i686.whl", hash = "sha256:b1e97221cedaf15a54f5243f2c5894bb12ca951ae4ddfd02a9d4ea9df9e1a29d"},
{file = "nh3-0.2.15-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:a5167a6403d19c515217b6bcaaa9be420974a6ac30e0da9e84d4fc67a5d474c5"},
{file = "nh3-0.2.15-cp37-abi3-win32.whl", hash = "sha256:427fecbb1031db085eaac9931362adf4a796428ef0163070c484b5a768e71601"},
{file = "nh3-0.2.15-cp37-abi3-win_amd64.whl", hash = "sha256:bc2d086fb540d0fa52ce35afaded4ea526b8fc4d3339f783db55c95de40ef02e"},
{file = "nh3-0.2.15.tar.gz", hash = "sha256:d1e30ff2d8d58fb2a14961f7aac1bbb1c51f9bdd7da727be35c63826060b0bf3"},
]
[[package]] [[package]]
name = "openapi-client-udm" name = "openapi-client-udm"
version = "1.0.2" version = "1.0.2"

View File

@ -17,7 +17,6 @@ dependencies = [
"mdformat~=0.7", "mdformat~=0.7",
"mdformat-tables~=0.4", "mdformat-tables~=0.4",
"mysqlclient~=2.2", "mysqlclient~=2.2",
"bleach~=5.0",
"django-autocomplete-light~=3.9", "django-autocomplete-light~=3.9",
"weasyprint~=60.2", "weasyprint~=60.2",
"requests~=2.31", "requests~=2.31",
@ -28,7 +27,8 @@ dependencies = [
"django-object-actions~=4.2", "django-object-actions~=4.2",
"udm-rest-client~=1.2", "udm-rest-client~=1.2",
"openapi-client-udm~=1.0", "openapi-client-udm~=1.0",
"django-bleach~=3.1", "django-nh3~=0.1",
"nh3~=0.2",
] ]
requires-python = ">=3.11" requires-python = ">=3.11"

View File

@ -1,4 +1,4 @@
import bleach import nh3
from markdownx.utils import markdownify from markdownx.utils import markdownify
# fmt: off # fmt: off
@ -23,5 +23,5 @@ MARKDOWN_ATTRS = {
def markdown_to_clean_html(md: str) -> str: def markdown_to_clean_html(md: str) -> str:
x = bleach.clean(markdownify(md), tags=MARKDOWN_TAGS, attributes=MARKDOWN_ATTRS) x = nh3.clean(markdownify(md), tags=MARKDOWN_TAGS, attributes=MARKDOWN_ATTRS)
return x return x