diff --git a/apps/academy/templates/academy/academy_challenge_page.html b/apps/academy/templates/academy/academy_challenge_page.html
index 8dd6be56..902b2d98 100644
--- a/apps/academy/templates/academy/academy_challenge_page.html
+++ b/apps/academy/templates/academy/academy_challenge_page.html
@@ -1,11 +1,11 @@
{% extends "base.html" %}
-{% load static wagtailcore_tags wagtailimages_tags wagtailembeds_tags i18n bleach_tags %}
+{% load static wagtailcore_tags wagtailimages_tags wagtailembeds_tags i18n core_tags %}
{% block fb_meta_tags %}
{% with description=page.translated_intro|richtext %}
-
+
{% endwith %}
{% endblock %}
diff --git a/apps/academy/templates/academy/academy_page.html b/apps/academy/templates/academy/academy_page.html
index 567e6c5f..aded3265 100644
--- a/apps/academy/templates/academy/academy_page.html
+++ b/apps/academy/templates/academy/academy_page.html
@@ -1,11 +1,11 @@
{% extends "base.html" %}
-{% load static wagtailcore_tags wagtailimages_tags wagtailembeds_tags i18n bleach_tags %}
+{% load static wagtailcore_tags wagtailimages_tags wagtailembeds_tags i18n core_tags %}
{% block fb_meta_tags %}
{% with description=page.translated_intro|richtext %}
-
+
{% endwith %}
{% endblock %}
diff --git a/apps/academy/templates/academy/includes/academy_list_item.html b/apps/academy/templates/academy/includes/academy_list_item.html
index 74505a01..1d628ec0 100644
--- a/apps/academy/templates/academy/includes/academy_list_item.html
+++ b/apps/academy/templates/academy/includes/academy_list_item.html
@@ -1,4 +1,4 @@
-{% load static wagtailcore_tags wagtailimages_tags wagtailembeds_tags i18n bleach_tags %}
+{% load static wagtailcore_tags wagtailimages_tags wagtailembeds_tags i18n %}
' + link + ""
- css_sanitizer = CSSSanitizer(allowed_css_properties=[])
- clean_result = bleach.clean(
- result,
- tags=[],
- attributes={},
- css_sanitizer=css_sanitizer,
- strip=True,
- )
+ clean_result = clean_html_all(result)
subtitle_en = clean_result[0:100]
intro_en = clean_result[0:100]
title_en = title
diff --git a/apps/blog/templates/blog/blog_page.html b/apps/blog/templates/blog/blog_page.html
index 034f81da..4b0d5d4d 100644
--- a/apps/blog/templates/blog/blog_page.html
+++ b/apps/blog/templates/blog/blog_page.html
@@ -1,11 +1,11 @@
{% extends "base.html" %}
-{% load static wagtailcore_tags wagtailimages_tags wagtailembeds_tags i18n bleach_tags %}
+{% load static wagtailcore_tags wagtailimages_tags wagtailembeds_tags i18n core_tags %}
{% block fb_meta_tags %}
{% with description=page.translated_intro|richtext %}
-
+
{% endwith %}
{% endblock %}
diff --git a/apps/core/templates/core/text_page_with_blocks.html b/apps/core/templates/core/text_page_with_blocks.html
index e78fb517..ec6c3da9 100644
--- a/apps/core/templates/core/text_page_with_blocks.html
+++ b/apps/core/templates/core/text_page_with_blocks.html
@@ -1,13 +1,11 @@
{% extends "base.html" %}
-{% load wagtailimages_tags i18n %}
-{% load wagtailcore_tags core_tags bleach_tags %}
-{% load static %}
+{% load static i18n wagtailimages_tags wagtailcore_tags core_tags %}
{% block fb_meta_tags %}
{% with description=page.translated_intro|richtext %}
-
+
{% endwith %}
{% endblock %}
diff --git a/apps/core/templatetags/core_tags.py b/apps/core/templatetags/core_tags.py
index 5e5b4a3e..c499ba77 100644
--- a/apps/core/templatetags/core_tags.py
+++ b/apps/core/templatetags/core_tags.py
@@ -3,8 +3,10 @@
from django.core.exceptions import ImproperlyConfigured
from django.http import Http404
from django.urls import resolve
+from django.utils.safestring import SafeString
from apps.core.models import NavigationMenu
+from contrib import transforms
register = template.Library()
@@ -82,3 +84,8 @@ def matomo_tracking_code():
"url": settings.MATOMO_URL,
"cookie_disabled": cookie_disabled,
}
+
+
+@register.filter()
+def clean_html_all(text: str) -> SafeString:
+ return transforms.clean_html_all(text)
diff --git a/apps/projects/templates/projects/project_index_page.html b/apps/projects/templates/projects/project_index_page.html
index c9659f74..515a535b 100644
--- a/apps/projects/templates/projects/project_index_page.html
+++ b/apps/projects/templates/projects/project_index_page.html
@@ -1,11 +1,11 @@
{% extends "base.html" %}
-{% load static i18n wagtailcore_tags bleach_tags %}
+{% load static i18n wagtailcore_tags core_tags %}
{% block fb_meta_tags %}
{% with description=page.translated_intro|richtext %}
-
+
{% endwith %}
{% endblock %}
diff --git a/apps/projects/templates/projects/project_page.html b/apps/projects/templates/projects/project_page.html
index 701f1109..bb65f6a9 100644
--- a/apps/projects/templates/projects/project_page.html
+++ b/apps/projects/templates/projects/project_page.html
@@ -1,11 +1,11 @@
{% extends "base.html" %}
-{% load static i18n wagtailcore_tags wagtailimages_tags bleach_tags %}
+{% load static i18n wagtailcore_tags wagtailimages_tags core_tags %}
{% block fb_meta_tags %}
{% with description=page.translated_shorttext|richtext %}
-
+
{% endwith %}
{% if page.image %}
{% image page.image width-400 as image %}
diff --git a/changelog/8014.md b/changelog/8014.md
index 2e6a0f48..4feb07ec 100644
--- a/changelog/8014.md
+++ b/changelog/8014.md
@@ -1,3 +1,8 @@
+### Added
+
+- add templatetag 'clean_html_all' which strips all css and html tags using
+ Bleach
+
### Changed
- update wagtail to 4.2x
@@ -6,3 +11,9 @@
- adjust to new slug field behavior in wagtail 5.0.x
- update wagtail to 5.1.3
- update to wagtail 5.2.5
+- use new clean_html_all templatetag to replace djang-bleach
+- update Bleach to 6.x
+
+### Removed
+
+- removed outdated django-bleach dependency
diff --git a/contrib/transforms.py b/contrib/transforms.py
new file mode 100644
index 00000000..3e06e3cf
--- /dev/null
+++ b/contrib/transforms.py
@@ -0,0 +1,17 @@
+import bleach
+from bleach.css_sanitizer import CSSSanitizer
+from django.utils.safestring import SafeString
+from django.utils.safestring import mark_safe
+
+
+def clean_html_all(text: str) -> SafeString:
+ css_sanitizer = CSSSanitizer(allowed_css_properties=[])
+ return mark_safe(
+ bleach.clean(
+ text,
+ tags={},
+ attributes={},
+ css_sanitizer=css_sanitizer,
+ strip=True,
+ )
+ )
diff --git a/pyproject.toml b/pyproject.toml
index 8948aa2c..18c4a78e 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -19,9 +19,8 @@ classifiers = [
]
dependencies = [
"Django >= 3.2, < 4.3",
- "bleach[css]",
+ "bleach[css] >= 6.0",
"brotli",
- "django-bleach",
"django-cloudflare-push",
"django-multiselectfield",
"django_csp",
diff --git a/requirements/base.txt b/requirements/base.txt
index cf5d93f4..d9ab30ba 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -2,9 +2,8 @@
Django==4.2.14
wagtail==5.2.5
-bleach[css]==5.0.1
+bleach[css]==6.1.0
brotli==1.1.0
-django-bleach==3.1.0
django-cloudflare-push==0.2.2
django_csp==3.8
django-multiselectfield==0.1.13
diff --git a/website_wagtail/settings/base.py b/website_wagtail/settings/base.py
index e7924469..3929083c 100644
--- a/website_wagtail/settings/base.py
+++ b/website_wagtail/settings/base.py
@@ -74,7 +74,6 @@
"django.contrib.messages",
"django.contrib.staticfiles",
"wagtail.contrib.settings",
- "django_bleach",
"taggit",
"modelcluster",
"wagtail",
@@ -141,13 +140,6 @@
MEDIA_ROOT = join(BASE_DIR, "media")
MEDIA_URL = "/media/"
-# Template configuration
-
-BLEACH_ALLOWED_TAGS = []
-BLEACH_ALLOWED_ATTRIBUTES = []
-BLEACH_STRIP_TAGS = True
-
-
# Wagtail settings
LOGIN_URL = "wagtailadmin_login"