12851 replace bleach with nh3

Arthur 2024-01-10 13:33:27 -08:00
parent f8199339f5
commit de7d4ad957
3 changed files with 14 additions and 14 deletions


@ -1,7 +1,3 @@
# HTML sanitizer
# https://github.com/mozilla/bleach/blob/main/CHANGES
bleach
# The Python web framework on which NetBox is built # The Python web framework on which NetBox is built
# https://docs.djangoproject.com/en/stable/releases/ # https://docs.djangoproject.com/en/stable/releases/
Django<5.1 Django<5.1
@ -108,6 +104,10 @@ mkdocstrings[python-legacy]
# https://github.com/netaddr/netaddr/blob/master/CHANGELOG # https://github.com/netaddr/netaddr/blob/master/CHANGELOG
netaddr netaddr
# Python bindings to the ammonia HTML sanitization library.
# https://github.com/messense/nh3
nh3
# Fork of PIL (Python Imaging Library) for image processing # Fork of PIL (Python Imaging Library) for image processing
# https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst # https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst
Pillow Pillow


@ -1,11 +1,11 @@
import datetime import datetime
import decimal import decimal
import json import json
import nh3
import re import re
from decimal import Decimal from decimal import Decimal
from itertools import count, groupby from itertools import count, groupby
import bleach
from django.contrib.contenttypes.models import ContentType from django.contrib.contenttypes.models import ContentType
from django.core import serializers from django.core import serializers
from django.db.models import Count, ManyToOneRel, OuterRef, Subquery from django.db.models import Count, ManyToOneRel, OuterRef, Subquery
@ -522,19 +522,19 @@ def clean_html(html, schemes):
} }
ALLOWED_ATTRIBUTES = { ALLOWED_ATTRIBUTES = {
"div": ['class'], "div": {'class'},
"h1": ["id"], "h2": ["id"], "h3": ["id"], "h4": ["id"], "h5": ["id"], "h6": ["id"], "h1": {"id"}, "h2": {"id"}, "h3": {"id"}, "h4": {"id"}, "h5": {"id"}, "h6": {"id"},
"a": ["href", "title"], "a": {"href", "title"},
"img": ["src", "title", "alt"], "img": {"src", "title", "alt"},
"th": ["align"], "th": {"align"},
"td": ["align"], "td": {"align"},
} }
return bleach.clean( return nh3.clean(
html, html,
tags=ALLOWED_TAGS, tags=ALLOWED_TAGS,
attributes=ALLOWED_ATTRIBUTES, attributes=ALLOWED_ATTRIBUTES,
protocols=schemes url_schemes=set(schemes)
) )
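Review bot: The `nh3.clean(...)` call at the end of `clean_html` is not a like-for-like replacement for `bleach.clean(...)`, and nothing in this commit documents or tests the difference. With the arguments shown, bleach escaped disallowed tags (its default `strip=False`), whereas nh3 removes them and drops the content of `script`/`style`; nh3 also adds `rel="noopener noreferrer"` to links by default and, as far as I can tell, keeps its default generic attributes when the `attributes` mapping has no `"*"` key. I would add a comment above the return such as `# nh3 strips disallowed tags (bleach escaped them) and sets rel="noopener noreferrer" on links`, plus a test asserting that a `javascript:` href and an `onclick` attribute are removed for the configured schemes. `set(schemes)` would also split a bare string into single characters, so it is worth confirming that callers always pass a list or tuple. The function's signature and the `ALLOWED_TAGS` definition lie outside this hunk.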


@ -1,4 +1,3 @@
bleach==6.1.0
Django==5.0.1 Django==5.0.1
django-cors-headers==4.3.1 django-cors-headers==4.3.1
django-debug-toolbar==4.2.0 django-debug-toolbar==4.2.0
@ -24,6 +23,7 @@ Markdown==3.5.1
mkdocs-material==9.5.3 mkdocs-material==9.5.3
mkdocstrings[python-legacy]==0.24.0 mkdocstrings[python-legacy]==0.24.0
netaddr==0.9.0 netaddr==0.9.0
nh3==0.2.15
Pillow==10.1.0 Pillow==10.1.0
psycopg[binary,pool]==3.1.16 psycopg[binary,pool]==3.1.16
PyYAML==6.0.1 PyYAML==6.0.1