Bleach is deprecated #40

Open
erwinmatijsen opened this issue Mar 16, 2023 · 2 comments

@erwinmatijsen
Owner

See this issue in the Bleach repository. An underlying lib is no longer maintained, and Bleach will also be deprecated because of that.

From that issue:

As of now, Bleach is deprecated.

We will continue to support Bleach:

  • security updates
  • support for new Python versions
  • fixes for egregious bugs

So, main functionality will still work in the near future. But maybe we should consider removing Bleach as a dependency.

@erwinmatijsen
Owner Author

I've done some research. It seems nh3 is a popular alternative to bleach. And mostly it looks like it will do the same things. I have yet to research:

  • Linkify text: not supported by nh3, but it seems this is possible in markdown2.
  • Sanitize styles: this was done via whitelist_styles. I'm not sure nh3 will allow for this.
  • There doesn't seem to be a way to choose between stripping or escaping unallowed tags. It seems to be stripping by default.

@offbyone

It looks like bleach supports css and nh3 may not; certainly there's no documentation in nh3 suggesting CSS support in the sanitizer.
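
One way to approach the style-sanitizing question raised in the comments above, as an added example that is not code from this project, Bleach or nh3: a strict allowlist filter for inline `style` values, shaped as a `(tag, attribute, value)` callback. It assumes an nh3 release whose `clean()` accepts an `attribute_filter` callback; the allowed property set and the function names are assumptions chosen for illustration.

```python
import re

# Assumed policy for illustration: the only CSS properties that survive.
ALLOWED_STYLES = frozenset({"color", "background-color", "font-weight", "text-align"})
# Only these CSS functions may appear in a value; url(), expression() etc. are dropped.
ALLOWED_FUNCS = frozenset({"rgb", "rgba"})

# Conservative value alphabet: no quotes, backslashes, slashes, colons or '!',
# so strings, escapes, comments and nested declarations cannot pass.
_SAFE_VALUE = re.compile(r"[a-zA-Z0-9#%.,()\s-]+")
_FUNC_NAME = re.compile(r"([a-zA-Z-]*)\s*\(")


def sanitize_style(value: str) -> str:
    """Return only the allowlisted declarations of an inline style value."""
    kept = []
    for declaration in value.split(";"):
        name, sep, val = declaration.partition(":")
        name, val = name.strip().lower(), val.strip()
        if not sep or name not in ALLOWED_STYLES:
            continue  # unknown property or a fragment without "name: value"
        if not _SAFE_VALUE.fullmatch(val):
            continue  # empty value or a character outside the safe alphabet
        if any(f.lower() not in ALLOWED_FUNCS for f in _FUNC_NAME.findall(val)):
            continue  # a function call that is not allowlisted
        kept.append(f"{name}: {val}")
    return "; ".join(kept)


def style_attribute_filter(tag: str, attribute: str, value: str):
    """(tag, attribute, value) callback: rewrite style, pass other attributes through."""
    if attribute != "style":
        return value
    return sanitize_style(value) or None  # None asks the sanitizer to drop the attribute


if __name__ == "__main__":
    # Constructed sample input.
    dirty = '<p style="color: red; position: fixed; background-color: url(x)">hi</p>'
    try:
        import nh3  # optional; the filter itself needs only the standard library
    except ImportError:
        print(sanitize_style("color: red; position: fixed; background-color: url(x)"))
    else:
        print(nh3.clean(dirty, attributes={"p": {"style"}},
                        attribute_filter=style_attribute_filter))
```

Every fragment between semicolons has to pass the allowlist on its own, so the output is rebuilt only from declarations that were checked and never copied through from the input.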
