Hi,

On Thu, Feb 27, 2020 at 01:18:55PM +0100, Salvatore Bonaccorso wrote:
> I think though we might need to revisit the assessment that older
> versions are not affected. Look at this quick and dirty test
> deduced from the testsuite:

So I think earlier versions are vulnerable as well, but a fix will
not be so easy. First, b07814e0753c ("Extract all html5lib
things into a shim module") in v3.0.0 split some code from
bleach.sanitizer to bleach.html5lib_shim, and before that, in
67afdf8ae7d3 ("Prevent HTMLTokenizer from unescaping entities") in
v2.1, it was refactored quite a bit.

Now I'm not entirely sure how we should fix that for stretch.

Regards,
Salvatore

_______________________________________________
Python-modules-team mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team