~sircmpwn/core.sr.ht: Fix bleach sanitizing imports

c8680157de229848a4fe207c9e72f88e6cf65ff8 — delthas 2 months ago ac6cc21 0.68.23

Fix bleach sanitizing imports

Bleach changed the way CSS is sanitized in 5.0.0 in a non
retro-compatible manner, removing previous imports and adding a new way
to sanitize CSS.

The ALLOWED_STYLES list was empty, so there is no attribute to copy from
it. We merely use a CSSSanitizer which is the new way to specify how CSS
must be sanitized.

patch browse

1 files changed, 19 insertions(+), 7 deletions(-)

M srht/markdown.py

M srht/markdown.py => srht/markdown.py +19 -7

@@ 154,6 154,23 @@ _sanitizer_attrs = {
     "input": _input_filter,
     "*": _wildcard_filter,
 }
+_sanitizer_styles = [
+        "margin", "padding",
+        "text-align", "font-weight",
+        "text-decoration"
+    ]
+_sanitizer_styles += [f"padding-{p}" for p in ["left", "right", "bottom", "top"]]
+_sanitizer_styles += [f"margin-{p}" for p in ["left", "right", "bottom", "top"]]
+
+_sanitizer_css = {}
+try:
+    # bleach >= 5.0.0
+    from bleach.css_sanitizer import CSSSanitizer
+    _sanitizer_css["css_sanitizer"] = CSSSanitizer(allowed_svg_properties=[], allowed_css_properties=_sanitizer_styles)
+except ImportError:
+    # bleach < 5.0.0
+    _sanitizer_css["styles"] = bleach.sanitizer.ALLOWED_STYLES + _sanitizer_styles
+
 _sanitizer = bleach.sanitizer.Cleaner(
     tags=bleach.sanitizer.ALLOWED_TAGS + [
         "p", "div", "span", "pre", "hr",


@@ 177,13 194,8 @@ _sanitizer = bleach.sanitizer.Cleaner(
         'matrix',
         'xmpp',
     ],
-    styles=bleach.sanitizer.ALLOWED_STYLES + [
-        "margin", "padding",
-        "text-align", "font-weight", "text-decoration"
-    ]
-    + [f"padding-{p}" for p in ["left", "right", "bottom", "top"]]
-    + [f"margin-{p}"  for p in ["left", "right", "bottom", "top"]],
-    strip=True)
+    strip=True,
+    **_sanitizer_css)
 
 def sanitize(html):
     return add_noopener(_sanitizer.clean(html))