fix: Deal with backward incompatible changes in bleach.

The `bleach` library now expects sets as input for a few parameters and their defaults have been updated to reflect that. So we needed to do some set unions instead of adding lists together in a few places. Details of the changes can be found here: https://bleach.readthedocs.io/en/latest/changes.html#version-6-0-0-january-23rd-2023

fix: Deal with backward incompatible changes in bleach.
27029edf · Feanil Patel · 071fccd9 · 27029edf · 27029edf
Unverified Commit 27029edf authored 2 years ago by Feanil Patel
--- a/lti_consumer/lti_xblock.py
+++ b/lti_consumer/lti_xblock.py
@@ -1585,7 +1585,7 @@ class LtiConsumerXBlock(StudioEditableXBlockMixin, XBlock):
        # For more context on ALLOWED_TAGS and ALLOWED_ATTRIBUTES
        # Look into this documentation URL see https://bleach.readthedocs.io/en/latest/clean.html#allowed-tags-tags
        # This lets all plaintext through.
-        allowed_tags = bleach.sanitizer.ALLOWED_TAGS + ['img']
+        allowed_tags = bleach.sanitizer.ALLOWED_TAGS | {'img'}
        allowed_attributes = dict(bleach.sanitizer.ALLOWED_ATTRIBUTES, **{'img': ['src', 'alt']})
        sanitized_comment = bleach.clean(self.score_comment, tags=allowed_tags, attributes=allowed_attributes)

--- a/lti_consumer/templatetags/lti_sanitize.py
+++ b/lti_consumer/templatetags/lti_sanitize.py
@@ -13,7 +13,7 @@ def lti_sanitize(html):
    """
    Sanitize a html fragment with bleach.
    """
-    allowed_tags = bleach.sanitizer.ALLOWED_TAGS + ['img']
+    allowed_tags = bleach.sanitizer.ALLOWED_TAGS | {'img'}
    allowed_attributes = dict(bleach.sanitizer.ALLOWED_ATTRIBUTES, **{'img': ['src', 'alt']})
    sanitized_html = bleach.clean(html, tags=allowed_tags, attributes=allowed_attributes)
    return mark_safe(sanitized_html)