[Django] #34600: Review reference to bleach in docs
Django
-----------------------------------------+------------------------
Reporter: David Smith | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 4.2
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+------------------------
The django docs make a couple of references to bleach to sanitise user
input. However bleach is deprecated. Should we either remove this
reference, or find another library to reference?
Docs-
https://docs.djangoproject.com/en/4.2/ref/templates/builtins/#striptags
Bleach- https://github.com/mozilla/bleach
--
Ticket URL: <https://code.djangoproject.com/ticket/34600>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: David Smith | Owner: nobody
Component: Documentation | Version: 4.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Mariusz Felisiak):
* type: Uncategorized => Cleanup/optimization
* component: Uncategorized => Documentation
* stage: Unreviewed => Accepted
Comment:
Agreed, we should no longer advertise `bleach`.
--
Ticket URL: <https://code.djangoproject.com/ticket/34600#comment:1>
Django
--------------------------------------+------------------------------------
Reporter: David Smith | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 4.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Comment (by Natalia Bidart):
Is the goal here to just drop the reference to any HTML sanitizer, or
shall we try to find a decent (and maintained) replacement?
It seems from [https://forum.djangoproject.com/t/tools-to-sanitize-
html/6284 this forum post] that perhaps [https://github.com/matthiask
/html-sanitizer html-sanitizer] may be a good alternative. There is also
[https://github.com/rust-ammonia/ammonia another one written in rust] with
[https://github.com/messense/nh3 non official python bindings available].
--
Ticket URL: <https://code.djangoproject.com/ticket/34600#comment:2>
Django
--------------------------------------+------------------------------------
Reporter: David Smith | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 4.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Comment (by David Smith):
I think generally django avoids referring to 3rd party packages? Maybe we
could reference the use of a sanitizer but without making a
recommendation.
Maybe something like...
If you are looking for something more robust, you should investigate using
a 3rd party HTML-sanitizing tool.
--
Ticket URL: <https://code.djangoproject.com/ticket/34600#comment:3>
Django
--------------------------------------+------------------------------------
Reporter: David Smith | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 4.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
--------------------------------------+------------------------------------
Changes (by Natalia Bidart):
* easy: 0 => 1
Comment:
Thanks David, makes sense not to endorse any particular library, +1 to
your suggestion.
--
Ticket URL: <https://code.djangoproject.com/ticket/34600#comment:4>
Django
Reporter: David Smith | Owner: Akash
Type: | Kumar Sen
Cleanup/optimization | Status: assigned
Component: Documentation | Version: 4.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Akash Kumar Sen):
* owner: nobody => Akash Kumar Sen
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/34600#comment:5>
Django
-------------------------------------+-------------------------------------
Reporter: David Smith | Owner: Akash
Type: | Kumar Sen
Cleanup/optimization | Status: assigned
Component: Documentation | Version: 4.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Akash Kumar Sen):
* has_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/34600#comment:6>
Django
-------------------------------------+-------------------------------------
Reporter: David Smith | Owner: Akash
Type: | Kumar Sen
Cleanup/optimization | Status: assigned
Component: Documentation | Version: 4.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Bhuvnesh):
[https://github.com/django/django/pull/16907 PR]
--
Ticket URL: <https://code.djangoproject.com/ticket/34600#comment:7>
Django
-------------------------------------+-------------------------------------
Reporter: David Smith | Owner: Akash
Type: | Kumar Sen
Cleanup/optimization | Status: assigned
Component: Documentation | Version: 4.2
Severity: Normal | Resolution:
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/34600#comment:8>
Django
-------------------------------------+-------------------------------------
Reporter: David Smith | Owner: Akash
Type: | Kumar Sen
Component: Documentation | Version: 4.2
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"b0a6cc7f5738d6b959faf10354b772338f611fd9" b0a6cc7f]:
{{{
#!CommitTicketReference repository=""
revision="b0a6cc7f5738d6b959faf10354b772338f611fd9"
Fixed #34600 -- Removed references to bleach in docs.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/34600#comment:9>
Django
-------------------------------------+-------------------------------------
Reporter: David Smith | Owner: Akash
Type: | Kumar Sen
Cleanup/optimization | Status: closed
Component: Documentation | Version: 4.2
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Mariusz Felisiak <felisiak.mariusz@…>):
In [changeset:"dca5f5d58af8b8d82c96bdf3d28be74886bb955f" dca5f5d]:
{{{
#!CommitTicketReference repository=""
revision="dca5f5d58af8b8d82c96bdf3d28be74886bb955f"
[4.2.x] Fixed #34600 -- Removed references to bleach in docs.
Backport of b0a6cc7f5738d6b959faf10354b772338f611fd9 from main
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/34600#comment:10>