Bump bleach from 4.1.0 to 5.0.0 (#1708)

* Bump bleach from 4.1.0 to 5.0.0 Bumps [bleach](https://github.com/mozilla/bleach) from 4.1.0 to 5.0.0. - [Release notes](https://github.com/mozilla/bleach/releases) - [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES) - [Commits](https://github.com/mozilla/bleach/compare/v4.1.0...v5.0.0) --- updated-dependencies: - dependency-name: bleach dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Update bleach==5.0.0 Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: JonnyWong16 <9099342+JonnyWong16@users.noreply.github.com> [skip ci]
2025-08-19 21:03:21 -07:00 · 2022-05-16 20:41:47 -07:00 · 2022-05-16 20:41:47 -07:00 · a1fe0b04d7
commit a1fe0b04d7
parent d510e0f600
10 changed files with 264 additions and 151 deletions
--- a/lib/bleach/init.py
+++ b/lib/bleach/init.py
@ -1,7 +1,3 @@
-# -*- coding: utf-8 -*-
-
-import packaging.version
-
 from bleach.linkifier import (
    DEFAULT_CALLBACKS,
    Linker,
@ -9,17 +5,15 @@ from bleach.linkifier import (
 from bleach.sanitizer import (
    ALLOWED_ATTRIBUTES,
    ALLOWED_PROTOCOLS,
-    ALLOWED_STYLES,
    ALLOWED_TAGS,
    Cleaner,
 )


 # yyyymmdd
-__releasedate__ = "20210825"
+__releasedate__ = "20220407"
 # x.y.z or x.y.z.dev0 -- semver
-__version__ = "4.1.0"
-VERSION = packaging.version.Version(__version__)
+__version__ = "5.0.0"


 __all__ = ["clean", "linkify"]
@ -29,10 +23,10 @@ def clean(
    text,
    tags=ALLOWED_TAGS,
    attributes=ALLOWED_ATTRIBUTES,
-    styles=ALLOWED_STYLES,
    protocols=ALLOWED_PROTOCOLS,
    strip=False,
    strip_comments=True,
+    css_sanitizer=None,
 ):
    """Clean an HTML fragment of malicious content and return it

@ -64,9 +58,6 @@ def clean(
    :arg dict attributes: allowed attributes; can be a callable, list or dict;
        defaults to ``bleach.sanitizer.ALLOWED_ATTRIBUTES``

-    :arg list styles: allowed list of css styles; defaults to
-        ``bleach.sanitizer.ALLOWED_STYLES``
-
    :arg list protocols: allowed list of protocols for links; defaults
        to ``bleach.sanitizer.ALLOWED_PROTOCOLS``

@ -74,16 +65,19 @@ def clean(

    :arg bool strip_comments: whether or not to strip HTML comments

+    :arg CSSSanitizer css_sanitizer: instance with a "sanitize_css" method for
+        sanitizing style attribute values and style text; defaults to None
+
    :returns: cleaned text as unicode

    """
    cleaner = Cleaner(
        tags=tags,
        attributes=attributes,
-        styles=styles,
        protocols=protocols,
        strip=strip,
        strip_comments=strip_comments,
+        css_sanitizer=css_sanitizer,
    )
    return cleaner.clean(text)