Wrong dependency link for bleach?

[franontanaya]

bleach doesn't get installed when running pip install.

The dependency_links git in setup.py points to:

https://github.com/jsocol/bleachmastertarball/master#egg=bleach-dev

which doesn't yield anything. A valid link could be:

https://github.com/jsocol/bleach/tarball/master#egg=bleach-dev

[bendk]

Yeah looks like it.

In the amara dependencies, I see this one:

git+https://github.com/jsocol/bleach.git@105b4cfc2f00cc1954bcab3b39b16fbfaf8863e0#egg=bleach

So we would need to figure out if we want master or a specific version. Usually I like to pin to a release version, but I'm not even sure what bleach does so I'm not sure what to suggest.

No matter what we should make sure to test with the change and see if everything is okay.

[franontanaya]

Thanks! It does HTML sanitizing, including dealing with weird fragments. babelsubs uses it to remove everything except a few supported tags when parsing SRT, TXT and WebVTT. It could break things if something gets through when uploading/creating subtitles and then gets output elsewhere.

grepping around it seems pculture/unisubs uses Django's built in strip_tags, except for subtitles_tags.py.

I don't see major changes between 1.2.2 (current babelsubs requirement: https://github.com/jsocol/bleach/tree/v1.2.2) and 1.4, but 1.4 depends on html5lib 0.999, vs 0.95. Sounds like html5lib's API changed between 0.95 and 0.999, so that's one source of trouble if html5lib is used elsewhere.

https://github.com/jsocol/bleach/blob/90a79d24fcce8f6404d9b636936e7886558495fb/CHANGES

I have bleach 1.4 ( https://github.com/jsocol/bleach/commit/90a79d24fcce8f6404d9b636936e7886558495fb ) and html5lib 0.999, so I'll update here if that works for babelsubs.

This issue is not really a problem currently, I'm just looking into making a branch for some On Demand output formats.