upgrade to bleach 1.1.2 or latest

RESOLVED FIXED in 2012.14

Status

support.mozilla.org
Code Quality
P3
normal
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: willkg, Assigned: mythmon)

Tracking

unspecified
2012.14

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: c=general p=1 u=dev)

We should upgrade to bleach 1.1.2. From James' email:

    It fixes a hang in a regex with extremely long or
    complex inline styles. If you're on 1.1.x, you should
    upgrade.

I checked vendor and it looks like we're using bleach 1.0.1.
Summary: upgrade to bleach 1.1.2 → upgrade to bleach 1.1.2 or latest
(Assignee)

Comment 1

6 years ago
I think I got this working, but it needs changes in py-wikimarkup. I'll work with upstream.
Assignee: nobody → mcooper
What changes does it require?
(Assignee)

Comment 3

6 years ago
The changes needed are that it needs to specify an alternate tokenizer when calling bleach.linkify, since bleach.linkify by default sanitizes it's input, causing tags we add to the output to get printed as < and > characters. The changes are fairly minor.
(Assignee)

Updated

6 years ago
Whiteboard: c=general p=1 u=dev
(Assignee)

Updated

6 years ago
Target Milestone: --- → 2012.14
Kadir said anything in the 2012.14 sprint that wasn't IA related should be a P3. Making it so.
Priority: -- → P3
(Assignee)

Comment 7

6 years ago
Landed in fa21009
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Priority: -- → P3
Resolution: --- → FIXED
Mike: We usually provide the github url for the commit sha because then it shows fancy things with bugzilljs. So the url for your commit is this one:

https://github.com/mozilla/kitsune/commit/fa2100902e4e539018c1865136a9ae8b16b9b4be

Additionally, we don't mark the bug as resolved until after it's been pushed to production. That reduces the likelihood that someone who's cc:d on the bug sees it closed, checks production, sees it still broken, reopens the bug, and then we have to explain the confusion. That's too much work. Easier to just mark it resolved after it's pushed to production.
You need to log in before you can comment on or make changes to this bug.