Page MenuHomeSolus

Update python-bleach to 2.1.3
ClosedPublic

Authored by EP01 on Mar 6 2018, 12:11 AM.

Details

Summary
  • Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.
  • Fixed some other edge cases for attribute URI value sanitizing and improved testing of this code.
Test Plan

Tested with spyder and spyder3.

Diff Detail

Repository
R3708 python-bleach
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

EP01 created this revision.Mar 6 2018, 12:11 AM
EP01 requested review of this revision.Mar 6 2018, 12:11 AM
EP01 added a project: Restricted Project.Mar 6 2018, 12:12 AM
DataDrake accepted this revision.Mar 11 2018, 1:36 PM
DataDrake added a subscriber: DataDrake.

LGTM. Thanks!

This revision is now accepted and ready to land.Mar 11 2018, 1:36 PM
This revision was automatically updated to reflect the committed changes.