From 7ead30014cb3547b599df109f7cf64687d899388 Mon Sep 17 00:00:00 2001
From: TLSM
Date: Tue, 24 May 2022 20:27:41 -0400
Subject: [PATCH] Upgrade bleach to 5.0.0.

---
 files/helpers/sanitize.py | 13 +++++++------
 requirements.txt | 3 ++-
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py
index 9eba0fc94..f93d68198 100644
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@@ -1,5 +1,6 @@
 import bleach
 from bs4 import BeautifulSoup
+from bleach.css_sanitizer import CSSSanitizer
 from bleach.linkifier import LinkifyFilter, build_url_re
 from functools import partial
 from .get import *
@@ -37,6 +38,8 @@ allowed_tags = ('b','blockquote','br','code','del','em','h1','h2','h3','h4','h5'
 'li','ol','p','pre','strong','sub','sup','table','tbody','th','thead','td','tr','ul',
 'marquee','a','span','ruby','rp','rt','spoiler','img','lite-youtube','video','source','audio')
+allowed_styles = ['color', 'background-color', 'font-weight', 'text-align',]
+
 def allowed_attributes(tag, name, value):
 if name == 'style': return True
@@ -298,17 +301,15 @@ def sanitize(sanitized, alert=False, comment=False, edit=False):
 sanitized = sanitized.replace('','').replace('','')
-
-
+ css_sanitizer = CSSSanitizer(allowed_css_properties=allowed_styles)
 sanitized = bleach.Cleaner(tags=allowed_tags,
 attributes=allowed_attributes,
 protocols=['http', 'https'],
- styles=['color', 'background-color', 'font-weight', 'text-align'],
- filters=[partial(LinkifyFilter, skip_tags=["pre"], parse_email=False, callbacks=[callback], url_re=url_re)]
+ css_sanitizer=css_sanitizer,
+ filters=[partial(LinkifyFilter, skip_tags=["pre"],
+ parse_email=False, callbacks=[callback], url_re=url_re)]
 ).clean(sanitized)
-
-
 soup = BeautifulSoup(sanitized, 'lxml')
 links = soup.find_all("a")
diff --git a/requirements.txt b/requirements.txt
index 2c8c517f6..ab7e6879d 100644
--- a/requirements.txt
+++ b/requirements.txt
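Review bot: The CSSSanitizer is rebuilt on every sanitize() call even though its only input, `allowed_styles`, is a module-level constant introduced in the earlier hunk; building it once next to that list, `css_sanitizer = CSSSanitizer(allowed_css_properties=allowed_styles)`, and passing the module-level object keeps the allow-list and the sanitizer that enforces it in one place. The `bleach.css_sanitizer` import added in the first hunk exists only in bleach 5.x while the removed `styles=` kwarg exists only in 4.x, so sanitize() now works with exactly one major line, yet requirements.txt lists `bleach` and `bleach[css]` without any version constraint; a floor such as `bleach[css]>=5.0.0` (which already implies plain `bleach`) would make that requirement explicit and keep an unrelated reinstall from silently breaking style sanitization. A one-line comment on `allowed_styles`, e.g. `# CSS properties CSSSanitizer keeps inside a style attribute; allowed_attributes lets style through on every tag, so everything else is stripped here`, would tell the next reader why this list is the real control. sanitize() starts and ends outside the hunk.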
@@ -1,5 +1,6 @@
 beautifulsoup4
-bleach==4.1.0
+bleach
+bleach[css]
 Flask
 Flask-Caching
 Flask-Compress