Bump pybluemonday version to 0.0.6 and allow HTML comments in sanitized output (#1908)

* Bump pybluemonday version to 0.0.6 * Allow HTML comments in sanitized output * Closes #1906
2025-12-17 05:54:19 +01:00 · 2021-06-11 10:21:03 -04:00
parent c31916057f
commit 3cb67a97ec
3 changed files with 5 additions and 2 deletions
--- a/CTFd/utils/security/sanitize.py
+++ b/CTFd/utils/security/sanitize.py
@@ -92,6 +92,9 @@ SANITIZER.RequireNoFollowOnLinks(True)
 SANITIZER.RequireNoReferrerOnFullyQualifiedLinks(True)
 SANITIZER.RequireNoReferrerOnLinks(True)

+# Allow Comments
+SANITIZER.AllowComments()
+

 def sanitize_html(html):
    return SANITIZER.sanitize(html)
--- a/requirements.in
+++ b/requirements.in
@@ -28,4 +28,4 @@ WTForms==2.3.1
 python-geoacumen==0.0.1
 maxminddb==1.5.4
 tenacity==6.2.0
-pybluemonday==0.0.4
+pybluemonday==0.0.6
--- a/requirements.txt
+++ b/requirements.txt
@@ -39,7 +39,7 @@ marshmallow-sqlalchemy==0.17.0  # via -r requirements.in
 marshmallow==2.20.2       # via -r requirements.in, flask-marshmallow, marshmallow-sqlalchemy
 maxminddb==1.5.4          # via -r requirements.in, python-geoacumen
 passlib==1.7.2            # via -r requirements.in
-pybluemonday==0.0.4       # via -r requirements.in
+pybluemonday==0.0.6       # via -r requirements.in
 pycparser==2.20           # via cffi
 pydantic==1.5.1           # via -r requirements.in
 pymysql==0.9.3            # via -r requirements.in