Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

python311-bleach-6.0.0-150400.9.3.1 RPM for noarch

From OpenSuSE Leap 15.6 for noarch

Name: python311-bleach Distribution: SUSE Linux Enterprise 15
Version: 6.0.0 Vendor: SUSE LLC <https://www.suse.com/>
Release: 150400.9.3.1 Build date: Wed Oct 25 11:18:21 2023
Group: Unspecified Build host: h04-ch2a
Size: 202474 Source RPM: python-bleach-6.0.0-150400.9.3.1.src.rpm
Packager: https://www.suse.com/
Url: https://github.com/jsocol/bleach
Summary: A whitelist-based HTML-sanitizing tool
Bleach is an HTML sanitation library that escapes or strips markup and
attributes based on a white list. Bleach can also linkify text safely, applying
filters that Django's ``urlize`` filter cannot, and optionally setting ``rel``
attributes, even on links already in the text.

Bleach is intended for sanitizing text from *untrusted* sources.

Because it relies on html5lib, Bleach is as good as modern browsers at dealing
with weird, quirky HTML fragments. Bleach's methods will fix
unbalanced or mis-nested tags.

Documentation is at http://bleach.readthedocs.org/ .

Provides

Requires

License

Apache-2.0

Changelog

* Thu Jun 29 2023 [email protected]
  - Add patch strip-spaces.patch (bsc#1212852)
    * sent upstream: https://github.com/mozilla/bleach/pull/706
* Mon May 08 2023 [email protected]
  - Update to 6.0.0:
    * bleach.clean, bleach.sanitizer.Cleaner,
      bleach.html5lib_shim.BleachHTMLParser: the tags and protocols
      arguments were changed from lists to sets.
    * bleach.linkify, bleach.linkifier.Linker: the skip_tags and
      recognized_tags arguments were changed from lists to sets.
    * bleach.sanitizer.BleachSanitizerFilter: strip_allowed_elements is
      now strip_allowed_tags. We now use “tags” everywhere rather than a
      mishmash of “tags” in some places and “elements” in others.
    [#] Bug fixes
    * Add support for Python 3.11. (#675)
    * Fix API weirness in BleachSanitizerFilter. (#649)
    * We’re using “tags” instead of “elements” everywhere–no more weird
      overloading of “elements” anymore.
    * Also, it no longer calls the superclass constructor.
    * Add warning when css_sanitizer isn’t set, but the style attribute
      is allowed. (#676)
    * Fix linkify handling of character entities. (#501)
    * Rework dev dependencies to use requirements-dev.txt and
      requirements-flake8.txt instead of extras.
    * Fix project infrastructure to be tox-based so it’s easier to have
      CI run the same things we’re running in development and with
      flake8 in an isolated environment.
    * Update action versions in CI.
    * Switch to f-strings where possible. Make tests parametrized to be
      easier to read/maintain.
* Fri Apr 21 2023 [email protected]
  - add sle15_python_module_pythons (jsc#PED-68)
* Thu Apr 13 2023 [email protected]
  - Make calling of %{sle15modernpython} optional.
* Fri Mar 24 2023 [email protected]
  - Remove not needed dependency python-packaging
* Thu Nov 03 2022 [email protected]
  - Remove not needed python-six dependency
  - Remove python_module macro definition
  - More specific python_sitelib in files
* Thu Sep 29 2022 [email protected]
  - Update to 5.0.1:
    * Add missing comma to tinycss2 require. Thank you, @shadchin!
    * Add url parse tests based on wpt url tests. (#688)
    * Support scheme-less urls if "https" is in allow list. (#662)
    * Handle escaping ``<`` in edge cases where it doesn't start a tag. (#544)
    * Correctly urlencode email address parts. Thank you, @larseggert! (#659)
    * ``clean`` and ``linkify`` now preserve the order of HTML attributes.
    * Drop support for Python 3.6. Thank you, @hugovk! (#629)
    * CSS sanitization in style tags is completely different now.
    * Python 3.9 support
    * Drop support for unsupported Python versions <3.6. (#520)
    * add more tests for CVE-2021-23980 / GHSA-vv2x-vrpj-qqpq
  - Refresh de-vendor.patch, and convert to patch level 1
* Tue Apr 13 2021 [email protected]
  - update to 3.3.0:
    * Backwards incompatible change: clean escapes HTML comments
      even when strip_comments=False
    * Fix CVE-2021-23980: mutation XSS on bleach.clean with specific
      combinations of allowed tags (boo#1184547)
  - includes changes from 3.2.3:
    * fix clean and linkify raising ValueErrors for certain inputs
  - includes changes from 3.2.2:
    * fix linkify raising an IndexError on certain inputs
  - includes changes from 3.2.1:
    * change linkifier to add rel="nofollow" as documented
  - includes changes from 3.2.0:
    * html5lib dependency increased to 1.1.0
* Mon Aug 31 2020 [email protected]
  - Skip tests that fail with html5lib 1.1 ref the upstream ticket
* Wed May 06 2020 [email protected]
  - Update to 3.1.5:
    * replace missing ``setuptools`` dependency with ``packaging``. Thank you Benjamin Peterson.
* Wed Apr 01 2020 [email protected]
  - update to 3.1.4 (bsc#1168280, CVE-2020-6817):
    * ``bleach.clean`` behavior parsing style attributes could result in a
      regular expression denial of service (ReDoS).
      Calls to ``bleach.clean`` with an allowed tag with an allowed
      ``style`` attribute were vulnerable to ReDoS. For example,
      ``bleach.clean(..., attributes={'a': ['style']})``.
    * Style attributes with dashes, or single or double quoted values are
      cleaned instead of passed through.
* Mon Mar 23 2020 [email protected]
  - update to 3.1.3 (bsc#1167379, CVE-2020-6816):
    * Add relative link to code of conduct. (#442)
    * Drop deprecated 'setup.py test' support. (#507)
    * Fix typo: curren -> current in tests/test_clean.py (#504)
    * Test on PyPy 7
    * Drop test support for end of life Python 3.4
    * ``bleach.clean`` behavior parsing embedded MathML and SVG content
      with RCDATA tags did not match browser behavior and could result in
      a mutation XSS.
      Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or
      ``svg`` tags and one or more of the RCDATA tags ``script``,
      ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or
      ``xmp`` in the allowed tags whitelist were vulnerable to a mutation
      XSS.
* Fri Feb 28 2020 [email protected]
  - Update to V3.1.1: Security update for CVE-2020-6802
    * CVE-2020-6802: Fixed mutation XSS vulnerabilities (bsc#1165303).
* Wed Jan 08 2020 [email protected]
  - Switch off test_uri_value_allowed_protocols test to work around
    gh#mozilla/bleach#503.
* Fri Jul 19 2019 [email protected]
  - Restrict pytest to <5.0; upstream has an issue already reported
* Sun Mar 03 2019 [email protected]
  - Add de-vendor.patch to avoid new vendoring of html5lib in v3.1.0
  - Remove direct dependency on webencodings, a dependency of html5lib
  - Update to v3.1.0
    * Add ``recognized_tags`` argument to the linkify ``Linker`` class. This
      fixes issues when linkifying on its own and having some tags get escaped.
      It defaults to a list of HTML5 tags
    * Add ``six>=1.9`` to requirements
    * Fix cases where attribute names could have invalid characters in them.
    * Fix problems with ``LinkifyFilter`` not being able to match links
      across ``&amp;``.
    * Fix ``InputStreamWithMemory`` when the ``BleachHTMLParser`` is
      parsing ``meta`` tags
    * Fix doctests.
  - from v3.0.2
    * Merge ``Characters`` tokens after sanitizing them. This fixes issues
      in the ``LinkifyFilter`` where it was only linkifying parts of urls
  - from v3.0.1
    * Support Python 3.7. It supported Python 3.7 just fine, but 3.7 was
      added to the list of Python environments being test
    * Fix ``list`` object has no attribute ``lower`` in ``clean``
    * Fix ``abbr`` getting escaped in ``linkify``
  - from v3.0.0
    * [breaking] A bunch of functions were moved from one module to another.
      These were moved from ``bleach.sanitizer`` to ``bleach.html5lib_shim``:
      + convert_entity
      + convert_entities
      + match_entity
      + next_possible_entity
      + BleachHTMLSerializer
      + BleachHTMLTokenizer
      + BleachHTMLParser
      These functions and classes weren't documented and aren't part of the
      public API, but people read code and might be using them so we're
      considering it an incompatible API change.
      If you're using them, you'll need to update your code.
    * Bleach no longer depends on html5lib. html5lib==1.0.1 is now vendored into
      Bleach. You can remove it from your requirements file if none of your other
      requirements require html5lib.
      This means Bleach will now work fine with other libraries that depend on
      html5lib regardless of what version of html5lib they require.
    * Fixed tags getting added when using clean or linkify. This was a
      long-standing regression from the Bleach 2.0 rewrite
    * Fixed ``<isindex>`` getting replaced with a string. Now it gets escaped or
      stripped depending on whether it's in the allowed tags or not
  - from v2.1.4
    * Dropped support for Python 3.3
    * Handle ambiguous ampersands in correctly
* Wed Dec 05 2018 [email protected]
  - Trim rhetorics and bias from descriptions.
* Tue Dec 04 2018 [email protected]
  - Remove superfluous devel dependency for noarch package
* Tue Mar 20 2018 [email protected]
  - Update to version 2.1.3:
    * Attributes that have URI values weren't properly sanitized if the
      values contained character entities. Using character entities, it
      was possible to construct a URI value with a scheme that was not
      allowed that would slide through unsanitized.
      (CVE-2018-7753 bnc#1085969)
* Thu Dec 07 2017 [email protected]
  - specfile:
    * update copyright year
  - update to version 2.1.2:
    * Bug fixes
      + Support html5lib-python 1.0.1. (#337)
      + Add deprecation warning for supporting html5lib-python < 1.0.
      + Switch to semver.
* Sat Nov 11 2017 [email protected]
  - specfile:
    * update copyright year
  - update to version 2.1.1:
    * Bug fixes
      + Fix setup.py opening files when LANG=. (#324)
  - changes from version 2.1:
    * Security fixes
      + Convert control characters (backspace particularly) to “?”
      preventing malicious copy-and-paste situations. (#298)
      See https://github.com/mozilla/bleach/issues/298 for more details.
      This affects all previous versions of Bleach. Check the comments
      on that issue for ways to alleviate the issue if you can’t
      upgrade to Bleach 2.1.
    * Backwards incompatible changes
      + Redid versioning. bleach.VERSION is no longer available. Use the
      string version at bleach.__version__ and parse it with
      pkg_resources.parse_version. (#307)
      + clean, linkify: linkify and clean should only accept text types;
      thank you, Janusz! (#292)
      + clean, linkify: accept only unicode or utf-8-encoded str (#176)
    * Bug fixes
      + bleach.clean() no longer unescapes entities including ones that
      are missing a ; at the end which can happen in urls and other
      places. (#143)
      + linkify: fix http links inside of mailto links; thank you,
      sedrubal! (#300)
      + clarify security policy in docs (#303)
      + fix dependency specification for html5lib 1.0b8, 1.0b9, and
      1.0b10; thank you, Zoltán! (#268)
      + add Bleach vs. html5lib comparison to README; thank you, Stu
      Cox! (#278)
      + fix KeyError exceptions on tags without href attr; thank you,
      Alex Defsen! (#273)
      + add test website and scripts to test bleach.clean() output in
      browser; thank you, Greg Guthe!
* Wed Apr 12 2017 [email protected]
  - Fix source URL.
* Thu Apr 06 2017 [email protected]
  - Update to Version 2.0.0
    + Backwards incompatible changes
    * Removed support for Python 2.6. #206
    * Removed support for Python 3.2. #224
    * Bleach no longer supports html5lib < 0.99999999 (8 9s).
    * ``bleach.clean`` and friends were rewrittenped.
    * ``bleach.clean`` and friends attribute callables now take three arguments:
      tag, attribute name and attribute value. Previously they only took attribute
      name and attribute value.
    * ``bleach.linkify`` was rewritten
    * ``bleach.linkify`` and friends had a ``skip_pre`` argument--that's been
      replaced with a more general ``skip_tags`` argument.
    + Changes
    * Supports Python 3.6.
    * Supports html5lib >= 0.99999999 (8 9s).
    * There's a ``bleach.sanitizer.Cleaner`` class that you can instantiate with your
      favorite clean settings for easy reuse.
    * There's a ``bleach.linkifier.Linker`` class that you can instantiate with your
      favorite linkify settings for easy reuse.
    * There's a ``bleach.linkifier.LinkifyFilter`` which is an htm5lib filter that
      you can pass as a filter to ``bleach.sanitizer.Cleaner`` allowing you to clean
      and linkify in one pass.
    * ``bleach.clean`` and friends can now take a callable as an attributes arg value.
    * Tons of bug fixes.
    * Cleaned up tests.
    * Documentation fixes.
  - Update to Version 1.5
    + Backwards incompatible changes
    * clean: The list of ``ALLOWED_PROTOCOLS`` now defaults to http, https and
      mailto.
    + Changes
    * clean: Added ``protocols`` to arguments list to let you override the list of
      allowed protocols. Thank you, Andreas Malecki! #149
    * linkify: Fix a bug involving periods at the end of an email address. Thank you,
      Lorenz Schori! #219
    * linkify: Fix linkification of non-ascii ports. Thank you Alexandre, Macabies!
      [#207]
    * linkify: Fix linkify inappropriately removing node tails when dropping nodes.
      [#132]
    * Fixed a test that failed periodically. #161
    * Switched from nose to py.test. #204
    * Add test matrix for all supported Python and html5lib versions. #230
    * Limit to html5lib ``>=0.999,!=0.9999,!=0.99999,<0.99999999`` because 0.9999
      and 0.99999 are busted.
    * Add support for ``python setup.py test``. #97
  - Update to Version 1.4.3 (May 23rd, 2016)
    + Changes
    * Limit to html5lib ``>=0.999,<0.99999999`` because of impending change to
      sanitizer api. #195
  - Update to Version 1.4.2
    + Changes
    * linkify: Fix hang in linkify with ``parse_email=True``. #124
    * linkify: Fix crash in linkify when removing a link that is a first-child. #136
    * Updated TLDs.
    * linkify: Don't remove exterior brackets when linkifying. #146
  - Implemenet single-spec version
* Thu Sep 03 2015 [email protected]
  - Fix build on SLE 11
* Fri Aug 07 2015 [email protected]
  - eabled checks again: don't know, why they failed in the first place
* Thu Jul 30 2015 [email protected]
  - disabled checks: developer unresponsive
* Wed Jun 17 2015 [email protected]
  - updated to version 1.4.1

Files

/usr/lib/python3.11/site-packages/bleach
/usr/lib/python3.11/site-packages/bleach-6.0.0-py3.11.egg-info
/usr/lib/python3.11/site-packages/bleach-6.0.0-py3.11.egg-info/PKG-INFO
/usr/lib/python3.11/site-packages/bleach-6.0.0-py3.11.egg-info/SOURCES.txt
/usr/lib/python3.11/site-packages/bleach-6.0.0-py3.11.egg-info/dependency_links.txt
/usr/lib/python3.11/site-packages/bleach-6.0.0-py3.11.egg-info/not-zip-safe
/usr/lib/python3.11/site-packages/bleach-6.0.0-py3.11.egg-info/requires.txt
/usr/lib/python3.11/site-packages/bleach-6.0.0-py3.11.egg-info/top_level.txt
/usr/lib/python3.11/site-packages/bleach/__init__.py
/usr/lib/python3.11/site-packages/bleach/__pycache__
/usr/lib/python3.11/site-packages/bleach/__pycache__/__init__.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/bleach/__pycache__/__init__.cpython-311.pyc
/usr/lib/python3.11/site-packages/bleach/__pycache__/callbacks.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/bleach/__pycache__/callbacks.cpython-311.pyc
/usr/lib/python3.11/site-packages/bleach/__pycache__/css_sanitizer.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/bleach/__pycache__/css_sanitizer.cpython-311.pyc
/usr/lib/python3.11/site-packages/bleach/__pycache__/html5lib_shim.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/bleach/__pycache__/html5lib_shim.cpython-311.pyc
/usr/lib/python3.11/site-packages/bleach/__pycache__/linkifier.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/bleach/__pycache__/linkifier.cpython-311.pyc
/usr/lib/python3.11/site-packages/bleach/__pycache__/parse_shim.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/bleach/__pycache__/parse_shim.cpython-311.pyc
/usr/lib/python3.11/site-packages/bleach/__pycache__/sanitizer.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/bleach/__pycache__/sanitizer.cpython-311.pyc
/usr/lib/python3.11/site-packages/bleach/callbacks.py
/usr/lib/python3.11/site-packages/bleach/css_sanitizer.py
/usr/lib/python3.11/site-packages/bleach/html5lib_shim.py
/usr/lib/python3.11/site-packages/bleach/linkifier.py
/usr/lib/python3.11/site-packages/bleach/parse_shim.py
/usr/lib/python3.11/site-packages/bleach/sanitizer.py
/usr/share/doc/packages/python311-bleach
/usr/share/doc/packages/python311-bleach/CHANGES
/usr/share/doc/packages/python311-bleach/README.rst
/usr/share/licenses/python311-bleach
/usr/share/licenses/python311-bleach/LICENSE


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 19:58:50 2024