diff --git a/app/classes/web/base_handler.py b/app/classes/web/base_handler.py
index 33fe9936..b7a889b1 100644
--- a/app/classes/web/base_handler.py
+++ b/app/classes/web/base_handler.py
@@ -2,7 +2,7 @@ import logging
 import re
 import typing as t
 import orjson
-import bleach
+import nh3
 import tornado.web
 from app.classes.models.crafty_permissions import EnumPermissionsCrafty
@@ -101,7 +101,7 @@ class BaseHandler(tornado.web.RequestHandler):
 if type(text) in self.nobleach:
 logger.debug("Auto-bleaching - bypass type")
 return text
- return bleach.clean(text)
+ return nh3.clean(text)
 def get_argument(
 self,
diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py
index 696da799..34d27fa2 100644
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@@ -7,7 +7,7 @@ import json
 import logging
 import threading
 import urllib.parse
-import bleach
+import nh3
 import requests
 import tornado.web
 import tornado.escape
@@ -67,7 +67,7 @@ class PanelHandler(BaseHandler):
 ) in self.controller.crafty_perms.list_defined_crafty_permissions():
 argument = int(
 float(
- bleach.clean(
+ nh3.clean(
 self.get_argument(f"permission_{permission.name}", "0")
 )
 )
@@ -79,7 +79,7 @@ class PanelHandler(BaseHandler):
 q_argument = int(
 float(
- bleach.clean(self.get_argument(f"quantity_{permission.name}", "0"))
+ nh3.clean(self.get_argument(f"quantity_{permission.name}", "0"))
 )
 )
 if q_argument:
@@ -479,7 +479,7 @@ class PanelHandler(BaseHandler):
 template = "panel/dashboard.html"
 elif page == "server_detail":
- subpage = bleach.clean(self.get_argument("subpage", ""))
+ subpage = nh3.clean(self.get_argument("subpage", ""))
 server_id = self.check_server_id()
 if server_id is None:
@@ -1284,7 +1284,7 @@ class PanelHandler(BaseHandler):
 template = "panel/panel_edit_user_apikeys.html"
 elif page == "remove_user":
- user_id = bleach.clean(self.get_argument("id", None))
+ user_id = nh3.clean(self.get_argument("id", None))
 if (
 not superuser
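Review bot: In base_handler.py's auto-bleach helper (hunk at line 101), `nh3.clean(text)` is not behaviour-equivalent to the `bleach.clean(text)` it replaces: bleach escapes disallowed markup by default, while nh3 strips it and, as far as I know, ships a wider default tag allowlist (it includes `img`, for example). Every argument passing through this helper therefore gets a different sanitisation policy than before, and the same applies to the direct calls in panel_handler.py and to the `error`/`error_msg` query parameters in public_handler.py, which look like they are rendered on the login page. I would pin the policy explicitly rather than inherit library defaults, for example `return nh3.clean(text, tags=set())` if no markup is expected in request arguments (confirm against the templates), with a comment stating which tags are meant to survive. The helper's signature and the start of its body are outside the hunk.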
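Review bot: In panel_handler.py's `remove_user` branch (hunk at line 1284), `nh3.clean(self.get_argument("id", None))` receives `None` whenever the `id` parameter is absent, and nh3.clean accepts only `str`, so the request would end in an unhandled TypeError instead of a controlled rejection. Reading the value first, `user_id = self.get_argument("id", None)`, and returning an error when `user_id is None` before any cleaning keeps that case on the handled path. Since the id is presumably numeric, validating it as an integer would be a stronger check than HTML sanitisation for a value that selects which account is deleted. The branch continues past the end of the hunk, so a later guard may exist that is not visible here.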
diff --git a/app/classes/web/public_handler.py b/app/classes/web/public_handler.py
index 76c6a8be..b7d1be9b 100644
--- a/app/classes/web/public_handler.py
+++ b/app/classes/web/public_handler.py
@@ -1,5 +1,5 @@
 import logging
-import bleach
+import nh3
 from app.classes.shared.helpers import Helpers
 from app.classes.models.users import HelperUsers
@@ -28,8 +28,8 @@ class PublicHandler(BaseHandler):
 # self.clear_cookie("user_data")
 def get(self, page=None):
- error = bleach.clean(self.get_argument("error", "Invalid Login!"))
- error_msg = bleach.clean(self.get_argument("error_msg", ""))
+ error = nh3.clean(self.get_argument("error", "Invalid Login!"))
+ error_msg = nh3.clean(self.get_argument("error_msg", ""))
 page_data = {
 "version": self.helper.get_version_string(),
@@ -82,8 +82,8 @@ class PublicHandler(BaseHandler):
 )
 def post(self, page=None):
- error = bleach.clean(self.get_argument("error", "Invalid Login!"))
- error_msg = bleach.clean(self.get_argument("error_msg", ""))
+ error = nh3.clean(self.get_argument("error", "Invalid Login!"))
+ error_msg = nh3.clean(self.get_argument("error_msg", ""))
 page_data = {
 "version": self.helper.get_version_string(),
@@ -100,8 +100,8 @@ class PublicHandler(BaseHandler):
 if self.request.query:
 next_page = "/login?" + self.request.query
- entered_username = bleach.clean(self.get_argument("username"))
- entered_password = bleach.clean(self.get_argument("password"))
+ entered_username = nh3.clean(self.get_argument("username"))
+ entered_password = nh3.clean(self.get_argument("password"))
 # pylint: disable=no-member
 try:
diff --git a/requirements.txt b/requirements.txt
index 4f76592f..18b41a41 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
 apscheduler==3.8.1
 argon2-cffi==21.3
-bleach==4.1
+nh3==0.2.14
 cached_property==1.5.2
 colorama==0.4
 croniter==1.3.5
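Review bot: In public_handler.py's `post` (hunk at line 100), `entered_password = nh3.clean(self.get_argument("password"))` passes the password through an HTML sanitiser before verification, so any password containing `<`, `>` or `&` is altered before it reaches the hash check. Because nh3 strips disallowed tags where bleach escaped them, the altered value can also differ from what was hashed while bleach was in use, which risks locking out existing accounts after this swap. Credentials should be compared as received, `entered_password = self.get_argument("password")`. If `BaseHandler.get_argument` cleans every argument itself (its body is not visible here), a raw read path is needed too. The code that sets passwords is outside this diff and would need to change in step, and the `try:` block that uses these values continues outside the hunk.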