fedora-infra/bodhi

Bleach is deprecated

mattiaverga opened this issue · 1 comment

Bleach is deprecated and its maintenance will soon be dropped by upstream.
We should switch to ammonia (Rust) + nh3 (its Python bindings) or html-sanitizer (Python native).

ammonia + nh3 are the best replacements here, but they currently are not 100% compatible with bleach, because they completely remove unallowed tags, while bleach just escapes them. We'll need to wait and see if ammonia developers are going to implement the choice to escape unallowed tags.

Also, there's no replacement for bleach.linkify(), so we might need to find another solution for that.
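
The difference between escaping and removing disallowed tags described in the issue can be seen in the following added example, which is not Bodhi's code and does not call bleach or nh3. It is a standard-library toy filter; `ALLOWED_TAGS`, `PolicySanitizer`, `sanitize` and the sample comment are hypothetical names and constructed data, and the filter is an illustration of the two policies, not a replacement sanitizer.

```python
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "b", "em", "code"}  # constructed allowlist for this demo

class PolicySanitizer(HTMLParser):
    """Toy allowlist filter: 'escape' or 'strip' for disallowed tags."""

    def __init__(self, mode):
        super().__init__(convert_charrefs=True)
        if mode not in ("escape", "strip"):
            raise ValueError("mode must be 'escape' or 'strip'")
        self.mode = mode
        self.out = []

    def _disallowed(self, raw_tag):
        # escape: the markup stays visible to the reader as inert text.
        # strip: the tag disappears and only its text content survives.
        if self.mode == "escape":
            self.out.append(escape(raw_tag))

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")  # all attributes are dropped
        else:
            self._disallowed(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}></{tag}>")
        else:
            self._disallowed(self.get_starttag_text())

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")
        else:
            self._disallowed(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))  # text is always re-escaped

def sanitize(markup, mode):
    parser = PolicySanitizer(mode)
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)

# Constructed sample comment, not taken from Bodhi.
SAMPLE = '<p>Update <b>ready</b> <u>soon</u> <img src="https://example.invalid/a.png"></p>'
ESCAPED = sanitize(SAMPLE, "escape")
STRIPPED = sanitize(SAMPLE, "strip")
```

Both outputs are inert when rendered, but only the escape policy keeps what the user typed visible, so tests or stored comments that expect escaped markup will differ after a switch to a strip-only sanitizer.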