From ab38d1048860ae762f99424a85a7c2fea0861431 Mon Sep 17 00:00:00 2001 From: Nicholas Bollweg Date: Thu, 7 Apr 2022 12:34:03 -0500 Subject: [PATCH 1/5] add packaging dependency --- setup.py | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/setup.py b/setup.py index f3d91dabe..2b5db9e70 100644 --- a/setup.py +++ b/setup.py @@ -237,20 +237,21 @@ def get_data_files(): ) setup_args["install_requires"] = [ - "mistune>=0.8.1,<2", + "beautifulsoup4", + "bleach", + "defusedxml", + "entrypoints>=0.2.2", "jinja2>=2.4", - "pygments>=2.4.1", - "jupyterlab_pygments", - "traitlets>=5.0", "jupyter_core", + "jupyterlab_pygments", + "MarkupSafe>=2.0", + "mistune>=0.8.1,<2", + "nbclient>=0.5.0,<0.6.0", "nbformat>=4.4", - "entrypoints>=0.2.2", - "bleach", + "packaging", "pandocfilters>=1.4.1", - "defusedxml", - "beautifulsoup4", - "nbclient>=0.5.0,<0.6.0", - "MarkupSafe>=2.0", + "pygments>=2.4.1", + "traitlets>=5.0", ] pyppeteer_req = "pyppeteer>=1,<1.1" From 519a9d89e594946b9eb3527bfb7958a3f53ede50 Mon Sep 17 00:00:00 2001 From: Nicholas Bollweg Date: Thu, 7 Apr 2022 13:46:56 -0500 Subject: [PATCH 2/5] support bleach 5 --- nbconvert/preprocessors/sanitize.py | 51 ++++++++++++++++++++++++++--- 1 file changed, 47 insertions(+), 4 deletions(-) diff --git a/nbconvert/preprocessors/sanitize.py b/nbconvert/preprocessors/sanitize.py index 16c981a31..d1422106c 100644 --- a/nbconvert/preprocessors/sanitize.py +++ b/nbconvert/preprocessors/sanitize.py @@ -2,11 +2,48 @@ NBConvert Preprocessor for sanitizing HTML rendering of notebooks. """ -from bleach import ALLOWED_ATTRIBUTES, ALLOWED_STYLES, ALLOWED_TAGS, clean +import warnings + +import bleach +from bleach import ALLOWED_ATTRIBUTES, ALLOWED_TAGS, clean from traitlets import Any, Bool, List, Set, Unicode + +_USE_BLEACH_CSS_SANITIZER = False +_USE_BLEACH_STYLES = False + + +try: + # bleach[css] >=5.0 + from bleach.css_sanitizer import ( + CSSSanitizer, + ALLOWED_CSS_PROPERTIES as ALLOWED_STYLES, + ) + _USE_BLEACH_CSS_SANITIZER = True + _USE_BLEACH_STYLES = False +except ImportError: + try: + # bleach <5 + from bleach import ALLOWED_STYLES + _USE_BLEACH_CSS_SANITIZER = False + _USE_BLEACH_STYLES = True + warnings.warn( + "Support for bleach <5 will be removed in a future version of nbconvert", + DeprecationWarning + ) + + except ImportError: + warnings.warn( + "The installed bleach/tinycss2 do not provide CSS sanitization, " + "please upgrade to bleach >=5", + UserWarning + ) + + from .base import Preprocessor +__all__ = ["SanitizeHTML"] + class SanitizeHTML(Preprocessor): @@ -118,11 +155,17 @@ def sanitize_html_tags(self, html_str): """ Sanitize a string containing raw HTML tags. """ - return clean( - html_str, + kwargs = dict( tags=self.tags, attributes=self.attributes, - styles=self.styles, strip=self.strip, strip_comments=self.strip_comments, ) + + if _USE_BLEACH_CSS_SANITIZER: + css_sanitizer = CSSSanitizer(allowed_css_properties=self.styles) + kwargs.update(css_sanitizer=css_sanitizer) + elif _USE_BLEACH_STYLES: + kwargs.update(styles=self.styles) + + return clean(html_str, **kwargs) From 593fdefe19e1bab28313ea15faddef8c8d71b783 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Thu, 7 Apr 2022 18:47:52 +0000 Subject: [PATCH 3/5] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- nbconvert/preprocessors/sanitize.py | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/nbconvert/preprocessors/sanitize.py b/nbconvert/preprocessors/sanitize.py index d1422106c..34e00e34c 100644 --- a/nbconvert/preprocessors/sanitize.py +++ b/nbconvert/preprocessors/sanitize.py @@ -8,35 +8,34 @@ from bleach import ALLOWED_ATTRIBUTES, ALLOWED_TAGS, clean from traitlets import Any, Bool, List, Set, Unicode - _USE_BLEACH_CSS_SANITIZER = False _USE_BLEACH_STYLES = False try: # bleach[css] >=5.0 - from bleach.css_sanitizer import ( - CSSSanitizer, - ALLOWED_CSS_PROPERTIES as ALLOWED_STYLES, - ) + from bleach.css_sanitizer import ALLOWED_CSS_PROPERTIES as ALLOWED_STYLES + from bleach.css_sanitizer import CSSSanitizer + _USE_BLEACH_CSS_SANITIZER = True _USE_BLEACH_STYLES = False except ImportError: try: # bleach <5 from bleach import ALLOWED_STYLES + _USE_BLEACH_CSS_SANITIZER = False _USE_BLEACH_STYLES = True warnings.warn( - "Support for bleach <5 will be removed in a future version of nbconvert", - DeprecationWarning + "Support for bleach <5 will be removed in a future version of nbconvert", + DeprecationWarning, ) except ImportError: warnings.warn( "The installed bleach/tinycss2 do not provide CSS sanitization, " "please upgrade to bleach >=5", - UserWarning + UserWarning, ) From f3d4111bd6d6d8000d0c94adb674cd3f30037aff Mon Sep 17 00:00:00 2001 From: Nicholas Bollweg Date: Thu, 7 Apr 2022 13:49:02 -0500 Subject: [PATCH 4/5] add tinycss2 --- setup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.py b/setup.py index 2b5db9e70..440823093 100644 --- a/setup.py +++ b/setup.py @@ -251,6 +251,7 @@ def get_data_files(): "packaging", "pandocfilters>=1.4.1", "pygments>=2.4.1", + "tinycss2", # for bleach >=5 "traitlets>=5.0", ] From 6505a1d8a6d81823e94d50b2a6cede5f835fe0b2 Mon Sep 17 00:00:00 2001 From: Nicholas Bollweg Date: Thu, 7 Apr 2022 13:50:17 -0500 Subject: [PATCH 5/5] remove spurious import --- nbconvert/preprocessors/sanitize.py | 1 - 1 file changed, 1 deletion(-) diff --git a/nbconvert/preprocessors/sanitize.py b/nbconvert/preprocessors/sanitize.py index 34e00e34c..8361e69fb 100644 --- a/nbconvert/preprocessors/sanitize.py +++ b/nbconvert/preprocessors/sanitize.py @@ -4,7 +4,6 @@ import warnings -import bleach from bleach import ALLOWED_ATTRIBUTES, ALLOWED_TAGS, clean from traitlets import Any, Bool, List, Set, Unicode