-
Notifications
You must be signed in to change notification settings - Fork 14k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: Use nh3 lib instead of bleach #23862
Conversation
Codecov Report
@@ Coverage Diff @@
## master #23862 +/- ##
=======================================
Coverage 68.11% 68.11%
=======================================
Files 1938 1938
Lines 74970 74971 +1
Branches 8141 8141
=======================================
+ Hits 51065 51066 +1
Misses 21826 21826
Partials 2079 2079
Flags with carried forward coverage won't be shown. Click here to find out more.
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
@villebro @dpgaspar About noopener: This prevents a particular type of XSS attack, and should usually be turned on for untrusted HTML.
|
0ad93f4
to
4ffd89f
Compare
Great!! reading the docs that it's the default for |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is great - soon all Python libs will be written in Rust!
This reverts commit 689bc8e.
#23839 have been superseded by this PR.
SUMMARY
Since bleach is already obsolete/deprecated and will not evolve further, it would be better to switch to nh3, which is not only actively evolving, but also significantly faster than bleach.
Relevant links about nh3:
nh3 docs - https://nh3.readthedocs.io/en/latest/
nh3 github - https://github.com/messense/nh3
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
TESTING INSTRUCTIONS
ADDITIONAL INFORMATION