Skip to content

misc fixups #59

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

misc fixups #59

wants to merge 2 commits into from

Conversation

devlux76
Copy link

I sync'd with your repo and dependabot and QC bot pointed out some things you may have missed including a faulty regex. I felt the regex one was worthy of notice
Enjoy!

devlux76 and others added 2 commits February 18, 2025 12:15
@devlux76
Create dependabot.yml
1901ba4
@devlux76 @github-advanced-security
Potential fix for code scanning alert no. 3: Bad HTML filtering regexp
ba45c51 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@Grigorij-Dudnik
Copy link
Owner

@devlux76 Thanks for your PR! Let me check.

@Grigorij-Dudnik
Copy link
Owner

@radekrepo Can you please review? I'm dealing with influenza now and don't have a power for it.

@radekrepo
Copy link
Contributor

radekrepo commented Feb 20, 2025 via email

radekrepo
radekrepo reviewed Feb 21, 2025
View reviewed changes
src/utilities/syntax_checker_functions.py
script = re.search(r'<script[^>]*>(.*?)</script>', content, re.DOTALL).group(1)
except AttributeError:
return "Script part has no valid open/closing tags."
script = bleach.clean(content, tags=[], strip=True)
Copy link
Contributor

@radekrepo radekrepo Feb 21, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have checked that bleach.clean() returns modified content without throwing an error also when tags are incorrectly formatted, unlike the previous version of this script.

If this is the intention of using bleach.clean(), then all good. Otherwise, it may be hard to interpret for user the behaviour of the script.

Examples of html work with bleach.clean() without throwing an error:

html = """<p   >This <a href="book"> book </a attr="test"> will help you</p  >"""
html = """<p   >This <a href="book"> book </a attr="test"> will help you< >"""

note the missing closing of "/p" in the second object

Copy link
Contributor

@radekrepo radekrepo Feb 21, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The old version of code threw an AttributeError on both example objects. It may be a bit too sensitive because the upper example looks like it has all of the opening & closing tags. It was only missing correctly formatted <script> and </script> tags.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I may misunderstand the importance of the "script" tag.

@Grigorij-Dudnik
Copy link
Owner

@devlux76 Part of your PR with dependabot I think is very good one and let's proceed with it.

What about the changes in vue linter, bleach.clean() not finds content of <script> part of vue file as intended. It just provides on output entire vue file without html tags - styles and texts inside of template part are still left there.

@Grigorij-Dudnik
Copy link
Owner

Hey @devlux76, can you please remove changes related to bleach and syntax checkers, but leave dependabot changes? We'll be happy to merge it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@radekrepo radekrepo radekrepo left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@devlux76 @Grigorij-Dudnik @radekrepo