From 6879f6a67058c0d5977a8aa580b6338c9d34ff0e Mon Sep 17 00:00:00 2001 From: Greg Guthe Date: Mon, 25 Jan 2021 17:39:42 -0500 Subject: [PATCH 1/2] html5lib_shim: validate unicode points for convert_entity fixes: * https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29865 * https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29882 --- bleach/html5lib_shim.py | 17 +++++++++++++++-- tests/test_html5lib_shim.py | 10 ++++++++++ 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/bleach/html5lib_shim.py b/bleach/html5lib_shim.py index 9984b175..c71947ee 100644 --- a/bleach/html5lib_shim.py +++ b/bleach/html5lib_shim.py @@ -459,9 +459,22 @@ def convert_entity(value): if value[0] == "#": if len(value) < 2: return None + if value[1] in ("x", "X"): - return six.unichr(int(value[2:], 16)) - return six.unichr(int(value[1:], 10)) + # hex-encoded code point + int_as_string, base = value[2:], 16 + else: + # decimal code point + int_as_string, base = value[1:], 10 + + if int_as_string == "": + return None + + code_point = int(int_as_string, base) + if 0 < code_point < 0x110000: + return six.unichr(code_point) + else: + return None return ENTITIES.get(value, None) diff --git a/tests/test_html5lib_shim.py b/tests/test_html5lib_shim.py index fcb7799d..5a836bcd 100644 --- a/tests/test_html5lib_shim.py +++ b/tests/test_html5lib_shim.py @@ -19,6 +19,16 @@ ("&xx;", "&xx;"), # Handles multiple entities in the same string ("this & that & that", "this & that & that"), + # Handles empty decimal and hex encoded code points + ("&#x;", "&#x;"), + ("&#;", "&#;"), + # Handles too high unicode points + ("�", "�"), + ("�", "�"), + ("�", "�"), + # Handles negative unicode points + ("&#-1;", "&#-1;"), + ("&#x-1;", "&#x-1;"), ], ) def test_convert_entities(data, expected): From 612b8080ada0fba45f0575bfcd4f3a0bda7bfaca Mon Sep 17 00:00:00 2001 From: Greg Guthe Date: Mon, 25 Jan 2021 17:47:06 -0500 Subject: [PATCH 2/2] Update for v3.2.3 release --- CHANGES | 17 ++++++++++++++++- bleach/__init__.py | 4 ++-- tests_website/index.html | 4 ++-- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 936ecf8c..b93ae510 100644 --- a/CHANGES +++ b/CHANGES @@ -1,8 +1,23 @@ Bleach changes ============== +Version 3.2.3 (January 26th, 2021) +---------------------------------- + +**Security fixes** + +None + +**Features** + +None + +**Bug fixes** + +* fix clean and linkify raising ValueErrors for certain inputs. Thank you @Google-Autofuzz. + Version 3.2.2 (January 20th, 2021) ------------------------------------- +---------------------------------- **Security fixes** diff --git a/bleach/__init__.py b/bleach/__init__.py index b2f58fd7..02301f7e 100644 --- a/bleach/__init__.py +++ b/bleach/__init__.py @@ -18,9 +18,9 @@ # yyyymmdd -__releasedate__ = "20210120" +__releasedate__ = "20210126" # x.y.z or x.y.z.dev0 -- semver -__version__ = "3.2.2" +__version__ = "3.2.3" VERSION = packaging.version.Version(__version__) diff --git a/tests_website/index.html b/tests_website/index.html index c017eb88..5df8ed99 100644 --- a/tests_website/index.html +++ b/tests_website/index.html @@ -2,7 +2,7 @@ - Python Bleach 3.2.2 + Python Bleach 3.2.3 -

Python Bleach 3.2.2

+

Python Bleach 3.2.3

pypi version Build Status