#34600 closed Cleanup/optimization (fixed)
Review reference to bleach in docs
| Reported by: | David Smith | Owned by: | Akash Kumar Sen |
|---|---|---|---|
| Component: | Documentation | Version: | 4.2 |
| Severity: | Normal | Keywords: | |
| Cc: | | Triage Stage: | Ready for checkin |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description
The Django docs make a couple of references to bleach to sanitise user input. However, bleach is deprecated. Should we either remove this reference, or find another library to reference?
Docs- https://docs.djangoproject.com/en/4.2/ref/templates/builtins/#striptags
Change History (10)
comment:1 by , 2 years ago
| Component: | Uncategorized → Documentation |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
| Type: | Uncategorized → Cleanup/optimization |
comment:2 by , 2 years ago
Is the goal here to just drop the reference to any HTML sanitizer, or shall we try to find a decent (and maintained) replacement?
It seems from this forum post that perhaps html-sanitizer may be a good alternative. There is also another one written in Rust with non-official Python bindings available.
comment:3 by , 2 years ago
I think generally Django avoids referring to 3rd-party packages? Maybe we could reference the use of a sanitizer but without making a recommendation.
Maybe something like...
If you are looking for something more robust, you should investigate using a 3rd party HTML-sanitizing tool.
comment:4 by , 2 years ago
| Easy pickings: | set |
|---|
Thanks David, makes sense not to endorse any particular library, +1 to your suggestion.
comment:5 by , 2 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:6 by , 2 years ago
| Has patch: | set |
|---|
comment:8 by , 2 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
Agreed, we should no longer advertise bleach.