[BUG] Bleach 6.0.0 breaks escape method at mezzanine/utils/html.py
dbeltra opened this issue · 4 comments
dbeltra commented
Is there an existing issue for this?
- I have searched the existing Issues
Current Behavior
When trying to save a rich text page you get the following error:
TypeError: unsupported operand type(s) for +: 'frozenset' and 'list'
Expected Behavior
The page should be saved without errors
Steps To Reproduce
- Install Mezzanine 6.0.0 and bleach 6.0.0
- Create a new project and try to save a page
Environment
* Mezzanine 6.0.0
* Django 4.1.7
* Python 3.8.13
* SQLite 3.38.5
* Darwin 21.4.0
Anything else?
On the latest bleach release, ALLOWED_PROTOCOLS has been changed from list to a frozenset, this is the specific commit: mozilla/bleach@29231a1
This makes this code (https://github.com/stephenmcd/mezzanine/blob/master/mezzanine/utils/html.py#L113) crash:
protocols=ALLOWED_PROTOCOLS + ["tel"]
since lists and frozensets can't be added
Downgrading to bleach==5.0.1 fixes the issue.
Dziugas commented
Yup, ran into this one too.
andr0s commented
Yep same
LordVan commented
I just changed line 113 to this and it seems to work so far:
protocols=list(ALLOWED_PROTOCOLS) + ["tel"],