search

mozilla / bleach

Bleach is an allowed-list-based HTML sanitizing library that escapes or strips markup and attributes
https://bleach.readthedocs.io/en/latest/
Other
2.65k stars 253 forks source link

Bleach breaks with latest html5lib release #337

Closed rixx closed 6 years ago

rixx commented 6 years ago

Upgrading to html5lib-1.0.1 breaks, as they made their ReparseException class private as per html5lib/html5lib-python#371. This breaks bleach on import:

  File "/home/rixx/Projects/chaos/pretalx/src/pretalx/mail/models.py", line 3, in <module>
    import bleach
  File "/home/rixx/.virtualenvs/pretalx/lib/python3.6/site-packages/bleach/__init__.py", line 11, in <module>
    from bleach.sanitizer import (
  File "/home/rixx/.virtualenvs/pretalx/lib/python3.6/site-packages/bleach/sanitizer.py", line 10, in <module>
    from html5lib.constants import (
ImportError: cannot import name 'ReparseException'

bleach is also at its latest version. For all concerned: pinning html5lib to html5lib==1.0b10 resolves the issue until a new (fixed) bleach release is out there, or manually install it with pip install html5lib==1.0b10.

willkg commented 6 years ago

We just did the html5lib-python release. I'll fix Bleach to work with html5lib-python 1.0 today.