update Bleach to 6.x and remove django-bleach

apps/academy/templates/academy/academy_challenge_page.html

@@ -1,11 +1,11 @@
 {% extends "base.html" %}
-{% load static wagtailcore_tags wagtailimages_tags wagtailembeds_tags i18n bleach_tags %}
+{% load static wagtailcore_tags wagtailimages_tags wagtailembeds_tags i18n core_tags %}
 
 {% block fb_meta_tags %}
     <meta property="og:type" content="content" />
     <meta property="og:title" content="{{ page.translated_title }}" />
     {% with description=page.translated_intro|richtext %}
-    <meta property="og:description" content="{{ description|bleach }}" />
+    <meta property="og:description" content="{{ description|clean_html_all }}" />
     {% endwith %}
 {% endblock %}
 

apps/academy/templates/academy/academy_page.html

@@ -1,11 +1,11 @@
 {% extends "base.html" %}
-{% load static wagtailcore_tags wagtailimages_tags wagtailembeds_tags i18n bleach_tags %}
+{% load static wagtailcore_tags wagtailimages_tags wagtailembeds_tags i18n core_tags %}
 
 {% block fb_meta_tags %}
     <meta property="og:type" content="content" />
     <meta property="og:title" content="{{ page.translated_title }}" />
     {% with description=page.translated_intro|richtext %}
-    <meta property="og:description" content="{{ description|bleach }}" />
+    <meta property="og:description" content="{{ description|clean_html_all }}" />
     {% endwith %}
 {% endblock %}
 

apps/academy/templates/academy/includes/academy_list_item.html

@@ -1,4 +1,4 @@
-{% load static wagtailcore_tags wagtailimages_tags wagtailembeds_tags i18n bleach_tags %}
+{% load static wagtailcore_tags wagtailimages_tags wagtailembeds_tags i18n %}
 
 <li class="col-12 col-sm-6 col-md-4 academy-list__item mb-4">
     <a href="{% if content.external_link %}

apps/blog/management/commands/insert-blogposts.py

@@ -3,14 +3,13 @@
 from datetime import timedelta
 from urllib.request import urlopen
 
-import bleach
-from bleach.css_sanitizer import CSSSanitizer
 from bs4 import BeautifulSoup
 from django.core.management.base import BaseCommand
 from django.template.defaultfilters import slugify
 
 from apps.blog.models import BlogIndexPage
 from apps.blog.models import BlogPage
+from contrib.transforms import clean_html_all
 
 
 class Command(BaseCommand):
@@ -86,14 +85,7 @@ def handle(self, *args, **options):
 
             result = result + '<a href="' + link + '">' + link + "</a>"
 
-            css_sanitizer = CSSSanitizer(allowed_css_properties=[])
-            clean_result = bleach.clean(
-                result,
-                tags=[],
-                attributes={},
-                css_sanitizer=css_sanitizer,
-                strip=True,
-            )
+            clean_result = clean_html_all(result)
             subtitle_en = clean_result[0:100]
             intro_en = clean_result[0:100]
             title_en = title

apps/blog/templates/blog/blog_page.html

@@ -1,11 +1,11 @@
 {% extends "base.html" %}
-{% load static wagtailcore_tags wagtailimages_tags wagtailembeds_tags i18n bleach_tags %}
+{% load static wagtailcore_tags wagtailimages_tags wagtailembeds_tags i18n core_tags %}
 
 {% block fb_meta_tags %}
     <meta property="og:type" content="article" />
     <meta property="og:title" content="{{ page.translated_title }}" />
     {% with description=page.translated_intro|richtext %}
-    <meta property="og:description" content="{{ description|bleach }}" />
+    <meta property="og:description" content="{{ description|clean_html_all }}" />
     {% endwith %}
 {% endblock %}
 

apps/core/templates/core/text_page_with_blocks.html

@@ -1,13 +1,11 @@
 {% extends "base.html" %}
-{% load wagtailimages_tags i18n %}
-{% load wagtailcore_tags core_tags bleach_tags %}
-{% load static %}
+{% load static i18n wagtailimages_tags wagtailcore_tags core_tags %}
 
 {% block fb_meta_tags %}
 	<meta property="og:type" content="article" />
 	<meta property="og:title" content="{{ page.translated_title }}" />
 	{% with description=page.translated_intro|richtext %}
-	<meta property="og:description" content="{{ description|bleach }}" />
+	<meta property="og:description" content="{{ description|clean_html_all }}" />
 	{% endwith %}
 {% endblock %}
 

apps/core/templatetags/core_tags.py

@@ -3,8 +3,10 @@
 from django.core.exceptions import ImproperlyConfigured
 from django.http import Http404
 from django.urls import resolve
+from django.utils.safestring import SafeString
 
 from apps.core.models import NavigationMenu
+from contrib import transforms
 
 register = template.Library()
 
@@ -82,3 +84,8 @@ def matomo_tracking_code():
         "url": settings.MATOMO_URL,
         "cookie_disabled": cookie_disabled,
     }
+
+
+@register.filter()
+def clean_html_all(text: str) -> SafeString:
+    return transforms.clean_html_all(text)

apps/projects/templates/projects/project_index_page.html

@@ -1,11 +1,11 @@
 {% extends "base.html" %}
-{% load static i18n wagtailcore_tags bleach_tags %}
+{% load static i18n wagtailcore_tags core_tags %}
 
 {% block fb_meta_tags %}
 	<meta property="og:type" content="website" />
 	<meta property="og:title" content="{{ page.translated_title }}" />
 	{% with description=page.translated_intro|richtext %}
-	<meta property="og:description" content="{{ description|bleach }}" />
+	<meta property="og:description" content="{{ description|clean_html_all }}" />
 	{% endwith %}
 {% endblock %}
 

apps/projects/templates/projects/project_page.html

@@ -1,11 +1,11 @@
 {% extends "base.html" %}
-{% load static i18n wagtailcore_tags wagtailimages_tags bleach_tags %}
+{% load static i18n wagtailcore_tags wagtailimages_tags core_tags %}
 
 {% block fb_meta_tags %}
     <meta property="og:type" content="article" />
     <meta property="og:title" content="{{ page.translated_title }}" />
     {% with description=page.translated_shorttext|richtext %}
-    <meta property="og:description" content="{{ description|bleach }}" />
+    <meta property="og:description" content="{{ description|clean_html_all }}" />
     {% endwith %}
     {% if page.image %}
     {% image page.image width-400 as image %}

changelog/8014.md

@@ -1,3 +1,8 @@
+### Added
+
+- add templatetag 'clean_html_all' which strips all css and html tags using
+  Bleach
+
 ### Changed
 
 - update wagtail to 4.2x
@@ -6,3 +11,9 @@
 - adjust to new slug field behavior in wagtail 5.0.x
 - update wagtail to 5.1.3
 - update to wagtail 5.2.5
+- use new clean_html_all templatetag to replace django-bleach
+- update Bleach to 6.x
+
+### Removed
+
+- removed outdated django-bleach dependency

contrib/transforms.py

@@ -0,0 +1,17 @@
+import bleach
+from bleach.css_sanitizer import CSSSanitizer
+from django.utils.safestring import SafeString
+from django.utils.safestring import mark_safe
+
+
+def clean_html_all(text: str) -> SafeString:
+    css_sanitizer = CSSSanitizer(allowed_css_properties=[])
+    return mark_safe(
+        bleach.clean(
+            text,
+            tags={},
+            attributes={},
+            css_sanitizer=css_sanitizer,
+            strip=True,
+        )
+    )

pyproject.toml

@@ -19,9 +19,8 @@ classifiers = [
 ]
 dependencies = [
     "Django >= 3.2, < 4.3",
-    "bleach[css]",
+    "bleach[css] >= 6.0",
     "brotli",
-    "django-bleach",
     "django-cloudflare-push",
     "django-multiselectfield",
     "django_csp",

requirements/base.txt

@@ -2,9 +2,8 @@
 Django==4.2.14
 wagtail==5.2.5
 
-bleach[css]==5.0.1
+bleach[css]==6.1.0
 brotli==1.1.0
-django-bleach==3.1.0
 django-cloudflare-push==0.2.2
 django_csp==3.8
 django-multiselectfield==0.1.13

website_wagtail/settings/base.py

@@ -74,7 +74,6 @@
     "django.contrib.messages",
     "django.contrib.staticfiles",
     "wagtail.contrib.settings",
-    "django_bleach",
     "taggit",
     "modelcluster",
     "wagtail",
@@ -141,13 +140,6 @@
 MEDIA_ROOT = join(BASE_DIR, "media")
 MEDIA_URL = "/media/"
 
-# Template configuration
-
-BLEACH_ALLOWED_TAGS = []
-BLEACH_ALLOWED_ATTRIBUTES = []
-BLEACH_STRIP_TAGS = True
-
-
 # Wagtail settings
 
 LOGIN_URL = "wagtailadmin_login"