From 27029edf1deaacaff2f8e2a6f6715659f0393199 Mon Sep 17 00:00:00 2001
From: Feanil Patel <feanil@tcril.org>
Date: Mon, 30 Jan 2023 10:56:07 -0500
Subject: [PATCH] fix: Deal with backward incompatible changes in bleach.

The `bleach` library now expects sets as input for a few parameters and
their defaults have been updated to reflect that.  So we needed to do
some set unions instead of adding lists together in a few places.

Details of the changes can be found here: https://bleach.readthedocs.io/en/latest/changes.html#version-6-0-0-january-23rd-2023
---
 lti_consumer/lti_xblock.py                | 2 +-
 lti_consumer/templatetags/lti_sanitize.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lti_consumer/lti_xblock.py b/lti_consumer/lti_xblock.py
index aae2678..3fe04ff 100644
--- a/lti_consumer/lti_xblock.py
+++ b/lti_consumer/lti_xblock.py
@@ -1585,7 +1585,7 @@ class LtiConsumerXBlock(StudioEditableXBlockMixin, XBlock):
         # For more context on ALLOWED_TAGS and ALLOWED_ATTRIBUTES
         # Look into this documentation URL see https://bleach.readthedocs.io/en/latest/clean.html#allowed-tags-tags
         # This lets all plaintext through.
-        allowed_tags = bleach.sanitizer.ALLOWED_TAGS + ['img']
+        allowed_tags = bleach.sanitizer.ALLOWED_TAGS | {'img'}
         allowed_attributes = dict(bleach.sanitizer.ALLOWED_ATTRIBUTES, **{'img': ['src', 'alt']})
         sanitized_comment = bleach.clean(self.score_comment, tags=allowed_tags, attributes=allowed_attributes)
 
diff --git a/lti_consumer/templatetags/lti_sanitize.py b/lti_consumer/templatetags/lti_sanitize.py
index 35caaeb..bbb73f1 100644
--- a/lti_consumer/templatetags/lti_sanitize.py
+++ b/lti_consumer/templatetags/lti_sanitize.py
@@ -13,7 +13,7 @@ def lti_sanitize(html):
     """
     Sanitize a html fragment with bleach.
     """
-    allowed_tags = bleach.sanitizer.ALLOWED_TAGS + ['img']
+    allowed_tags = bleach.sanitizer.ALLOWED_TAGS | {'img'}
     allowed_attributes = dict(bleach.sanitizer.ALLOWED_ATTRIBUTES, **{'img': ['src', 'alt']})
     sanitized_html = bleach.clean(html, tags=allowed_tags, attributes=allowed_attributes)
     return mark_safe(sanitized_html)
-- 
GitLab