From f7d5480811c72c7e8104e79a39d08b9407ae3338 Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs
Date: Sat, 15 Jun 2024 08:18:27 +0200
Subject: [PATCH] Make bleach mandatory
---
 cps/clean_html.py | 23 +++++------------------
 cps/editbooks.py | 16 ----------------
 requirements.txt | 3 ++-
 3 files changed, 7 insertions(+), 35 deletions(-)
diff --git a/cps/clean_html.py b/cps/clean_html.py
index 19e87599..93a5d292 100644
--- a/cps/clean_html.py
+++ b/cps/clean_html.py
@@ -19,31 +19,18 @@ from . import logger
 from lxml.etree import ParserError
+log = logger.create()
+
 try:
 # at least bleach 6.0 is needed -> incomplatible change from list arguments to set arguments
- from bleach import clean_text as clean_html
- BLEACH = True
+ from bleach import clean as clean_html
 except ImportError:
- try:
- BLEACH = False
- from nh3 import clean as clean_html
- except ImportError:
- try:
- BLEACH = False
- from lxml.html.clean import clean_html
- except ImportError:
- clean_html = None
-
-
-log = logger.create()
+ from nh3 import clean as clean_html
 def clean_string(unsafe_text, book_id=0):
 try:
- if BLEACH:
- safe_text = clean_html(unsafe_text, tags=set(), attributes=set())
- else:
- safe_text = clean_html(unsafe_text)
+ safe_text = clean_html(unsafe_text)
 except ParserError as e:
 log.error("Comments of book {} are corrupted: {}".format(book_id, e))
 safe_text = ""
diff --git a/cps/editbooks.py b/cps/editbooks.py
index 43309a14..23d812a5 100644
--- a/cps/editbooks.py
+++ b/cps/editbooks.py
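Review bot: In cps/clean_html.py, `clean_html(unsafe_text)` now runs on each library's built-in defaults, so the sanitising policy for book comments depends on which import succeeded: `bleach.clean` escapes tags outside its small default allowlist (`strip=False`), while `nh3.clean` removes disallowed tags and permits a wider default set. Define one allowlist in this module and pass it explicitly, e.g. `safe_text = clean_html(unsafe_text, tags=ALLOWED_TAGS)` with `ALLOWED_TAGS` a set (placeholder name), since both functions take `tags=`. The commit title says bleach is mandatory, yet the `except ImportError` branch still imports nh3, which the visible requirements.txt hunk does not add; either drop the fallback or declare it. `ParserError` is an lxml exception that bleach and nh3 probably never raise, so the `safe_text = ""` path looks unreachable and other sanitiser errors would propagate; confirm which exceptions need handling. `clean_string` continues past the end of the hunk.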
@@ -27,22 +27,6 @@ from shutil import copyfile
 from uuid import uuid4
 from markupsafe import escape, Markup # dependency of flask
 from functools import wraps
-# from lxml.etree import ParserError
-
-#try:
-# # at least bleach 6.0 is needed -> incomplatible change from list arguments to set arguments
-# from bleach import clean_text as clean_html
-# BLEACH = True
-#except ImportError:
-# try:
-# BLEACH = False
-# from nh3 import clean as clean_html
-# except ImportError:
-# try:
-# BLEACH = False
-# from lxml.html.clean import clean_html
-# except ImportError:
-# clean_html = None
 from flask import Blueprint, request, flash, redirect, url_for, abort, Response
 from flask_babel import gettext as _
diff --git a/requirements.txt b/requirements.txt
index 7bb5ff3d..37e1dd0f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,9 +13,10 @@ SQLAlchemy>=1.3.0,<2.1.0
 tornado>=6.3,<6.5
 Wand>=0.4.4,<0.7.0
 unidecode>=0.04.19,<1.4.0
-lxml>=3.8.0,<5.2.0
+lxml>=4.9.1,<5.2.0
 flask-wtf>=0.14.2,<1.3.0
 chardet>=3.0.0,<4.1.0
 advocate>=1.0.0,<1.1.0
 Flask-Limiter>=2.3.0,<3.6.0
 regex>=2022.3.2,<2024.2.25
+bleach>=6.0.0,<6.2.0
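Review bot: The new `bleach>=6.0.0,<6.2.0` line in requirements.txt makes mandatory a library that upstream has declared deprecated, and the file gives no hint that this pin carries the HTML sanitiser for book comments. A comment above the pin would tell maintainers why it deserves attention on every release, for example `# HTML sanitiser used by cps/clean_html.py; deprecated upstream, review this pin on each release`. The narrow upper bound means a newer bleach release cannot be installed until the range is raised by hand, so the pin should be revisited whenever upstream publishes a fix.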