merge upstream master #1

Open
VladimirKuzmin wants to merge 459 commits into vanpav:master from mozilla:master

@VladimirKuzmin

contains a fix for the html5lib dependency

willkg and others added 30 commits March 2, 2018 17:39
This switches it so the "in" and "out" for tests are in the same file. This
makes them easier to read through on GitHub and in an editor.
* Moves test_security.py tests into test_clean.py
* Removes duplicate tests and unhelpful tests
* Adds additional helpful test cases
* Reworks some tests to be easier to read and run by parametrizing them
* Adds comments and adjusts function names to be more helpful
Merge all the clean tests into one file and clean up
I squashed test cases into single files--no more .out files. This carries
that change through to MANIFEST.in and our tests_website system.
Fix MANIFEST and data_to_json.py related to recent changes
Fixes a security issue where url sanitizing wouldn't work if there were
character entities breaking up the scheme. This allowed javascript urls
even when they were not explicitly allowed.
Add tests for sanitizing urls in css properties
This fixes the ambiguous ampersand case in character entity handling in
attribute values.

Fixes #359
Handle ambiguous ampersands correctly
Issue 352 has a string that manages to tokenize an html attribute with
a namespace, but no name. Then the namespace doesn't exist in prefixes
and that throws a KeyError.

This alleviates that a bit such that if there's a namespace, but no
name, it swaps the two values. Further, if prefixes doesn't have the
namespace, then it ignores the namespace.

Fixes #352
Handle nonexistent namespaces better
The CSS is in an HTML attribute value, so we need to convert character
entities in it which makes it proper CSS before we can sanitize it.

Fixes #363
Convert entities in CSS values before sanitizing
Drop support for EOL Python 3.3
This change makes it clearer what the file is for.
Greg Guthe and others added 28 commits January 26, 2021 17:11
fixes: bug 1689399 / GHSA vv2x-vrpj-qqpq
reported by Michał Bentkowski at Securitum
Remove duplicated h1 in changelog
s/regression/untriaged/

all bugs are not regressions
fix docs interpreter version
diff should exit with a non-zero exit code when the tree diff includes
extra files or directories
match python version in lint GHA workflow
fix sanity check step indentation and colon
Fix attribute name in linkify docs.
* tox: drop EOL pythons
* tox: drop pypy2
* tox: drop python 3.5
* setup.py: drop EOL pythons
* ci: drop python 3.5
* tests_website: remove six usage from server.py
* tests_website: bump version
* tests_website: update open_test_page.py for Python 3
* remove non-vendored six.moves imports
* sanitizer: replace six.string_types check with str
* linkifier: replace six.string_types check with str
* sanitizer: drop force_unicode call
* linkifier: drop force_unicode calls
* html5lib_shim: replace six text_type and unichr calls
* utils: remove force_unicode fn
* remove unicode_literals imports
@g-k g-k deleted the branch vanpav:master August 3, 2021 17:55
@g-k g-k deleted the master branch August 3, 2021 17:55