Changelog History
Page 1
-
v5.0.1 Changes
June 27, 2022๐ Bugs
โ Add missing comma to tinycss2 require. Thank you, @shadchin!
โ Add url parse tests based on wpt url tests. (#688)
๐ Support scheme-less urls if "https" is in allow list. (#662)
๐ Handle escaping
<
in edge cases where it doesn't start a tag. (#544)๐ Fix reference warnings in docs. (#660)
Correctly urlencode email address parts. Thank you, @larseggert! (#659)
-
v5.0.0 Changes
April 07, 2022Backwards incompatible changes
clean
andlinkify
now preserve the order of HTML attributes. Thank you, @askoretskly! (#566)โฌ๏ธ Drop support for Python 3.6. Thank you, @hugovk! (#629)
๐ CSS sanitization in style tags is completely different now. If you're using Bleach
clean
to sanitize css in style tags, you'll need to update your code and you'll need to install thecss
extras::pip install 'bleach[css]'
See
the documentation on sanitizing CSS for how to do it <https://bleach.readthedocs.io/en/latest/clean.html#sanitizing-css>
_. (#633)๐ Bug fixes
- Rework dev dependencies. We no longer have
requirements-dev.in
/requirements-dev.txt
. Instead, we're usingdev
extras.
See
development docs <https://bleach.readthedocs.io/en/latest/dev.html>
_ for more details. (#620)- โ Add newline when dropping block-level tags. Thank you, @jvanasco! (#369)
-
v4.1.0 Changes
August 25, 2021๐ Features
- ๐ Python 3.9 support
๐ Bug fixes
- โก๏ธ Update sanitizer clean to use vendored 3.6.14 stdlib urllib.parse to fix test failures on Python 3.9. (#536)
-
v4.0.0 Changes
August 03, 2021Backwards incompatible changes
- โฌ๏ธ Drop support for unsupported Python versions <3.6. (#520)
๐ Security fixes
None
๐ Features
- ๐ fix attribute name in the linkify docs (thanks @CheesyFeet!)
-
v3.3.1 Changes
July 14, 2021๐ Security fixes
None
๐ Features
- โ add more tests for CVE-2021-23980 / GHSA-vv2x-vrpj-qqpq
- โฌ๏ธ bump python version to 3.8 for tox doc, vendorverify, and lint targets
- โก๏ธ update bug report template tag
- โก๏ธ update vendorverify script to detect and fail when extra files are vendored
- ๐ update release process docs to check vendorverify passes locally
๐ Bug fixes
- โ remove extra vendored django present in the v3.3.0 whl (#595)
- duplicate h1 header doc fix (thanks Nguyแป n Gia Phong / @McSinyx!)
-
v3.3.0 Changes
February 01, 2021Backwards incompatible changes
- clean escapes HTML comments even when strip_comments=False
๐ Security fixes
- ๐ Fix bug 1621692 / GHSA-m6xf-fq7q-8743. See the advisory for details.
๐ Features
None
๐ Bug fixes
None
-
v3.2.3 Changes
January 26, 2021๐ Security fixes
None
๐ Features
None
๐ Bug fixes
- ๐ fix clean and linkify raising ValueErrors for certain inputs. Thank you @Google-Autofuzz.
-
v3.2.2 Changes
January 20, 2021๐ Security fixes
None
๐ Features
- ๐ท Migrate CI to Github Actions. Thank you @hugovk.
๐ Bug fixes
- ๐ fix linkify raising an IndexError on certain inputs. Thank you @Google-Autofuzz.
-
v3.2.1 Changes
September 18, 2020๐ Security fixes
None
๐ Features
None
๐ Bug fixes
- ๐ change linkifier to add rel="nofollow" as documented. Thank you @mitar.
- ๐ suppress html5lib sanitizer DeprecationWarnings (#557)
-
v3.2.0 Changes
September 16, 2020๐ Security fixes
None
๐ Features
None
๐ Bug fixes
html5lib
dependency to version 1.1.0. Thank you Sam Sneddon.- โก๏ธ update tests_website terminology. Thank you Thomas Grainger.