Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bleach is deprecated as of 2023-01-23 #445

Open
greyhare opened this issue Aug 6, 2023 · 1 comment
Open

Bleach is deprecated as of 2023-01-23 #445

greyhare opened this issue Aug 6, 2023 · 1 comment

Comments

@greyhare
Copy link

greyhare commented Aug 6, 2023

From the official announcement:

Summary

As of now, Bleach is deprecated.

We will continue to support Bleach:

security updates
support for new Python versions
fixes for egregious bugs

I figure that's one release a year or something like that.

Why?

Bleach sits on top of--and heavily relies on--html5lib which is no longer in active development. It is increasingly difficult to maintain Bleach in that context and I think it's nuts to build a security library on top of a library that's not in active development. There are some options (switch to something else, take over html5lib, etc), I don't particularly like any of them. I think instead, someone new should explore the options with a brand new library and a fresh start.

Later in the thread there's a recommendation to consider nh3/ammonia instead.
@selwin
Copy link
Collaborator

selwin commented Aug 21, 2023

I'm happy to accept a PR for this :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@selwin @greyhare