Replace all instances of bleach with nh3.

Using latest version of nh3.

app/classes/web/base_handler.py

@@ -2,7 +2,7 @@ import logging
 import re
 import typing as t
 import orjson
-import bleach
+import nh3
 import tornado.web
 
 from app.classes.models.crafty_permissions import EnumPermissionsCrafty
@@ -101,7 +101,7 @@ class BaseHandler(tornado.web.RequestHandler):
         if type(text) in self.nobleach:
             logger.debug("Auto-bleaching - bypass type")
             return text
-        return bleach.clean(text)
+        return nh3.clean(text)
 
     def get_argument(
         self,

app/classes/web/panel_handler.py

@@ -7,7 +7,7 @@ import json
 import logging
 import threading
 import urllib.parse
-import bleach
+import nh3
 import requests
 import tornado.web
 import tornado.escape
@@ -67,7 +67,7 @@ class PanelHandler(BaseHandler):
         ) in self.controller.crafty_perms.list_defined_crafty_permissions():
             argument = int(
                 float(
-                    bleach.clean(
+                    nh3.clean(
                         self.get_argument(f"permission_{permission.name}", "0")
                     )
                 )
@@ -79,7 +79,7 @@ class PanelHandler(BaseHandler):
 
             q_argument = int(
                 float(
-                    bleach.clean(self.get_argument(f"quantity_{permission.name}", "0"))
+                    nh3.clean(self.get_argument(f"quantity_{permission.name}", "0"))
                 )
             )
             if q_argument:
@@ -479,7 +479,7 @@ class PanelHandler(BaseHandler):
             template = "panel/dashboard.html"
 
         elif page == "server_detail":
-            subpage = bleach.clean(self.get_argument("subpage", ""))
+            subpage = nh3.clean(self.get_argument("subpage", ""))
 
             server_id = self.check_server_id()
             if server_id is None:
@@ -1284,7 +1284,7 @@ class PanelHandler(BaseHandler):
             template = "panel/panel_edit_user_apikeys.html"
 
         elif page == "remove_user":
-            user_id = bleach.clean(self.get_argument("id", None))
+            user_id = nh3.clean(self.get_argument("id", None))
 
             if (
                 not superuser

app/classes/web/public_handler.py

@@ -1,5 +1,5 @@
 import logging
-import bleach
+import nh3
 
 from app.classes.shared.helpers import Helpers
 from app.classes.models.users import HelperUsers
@@ -28,8 +28,8 @@ class PublicHandler(BaseHandler):
             # self.clear_cookie("user_data")
 
     def get(self, page=None):
-        error = bleach.clean(self.get_argument("error", "Invalid Login!"))
+        error = nh3.clean(self.get_argument("error", "Invalid Login!"))
-        error_msg = bleach.clean(self.get_argument("error_msg", ""))
+        error_msg = nh3.clean(self.get_argument("error_msg", ""))
 
         page_data = {
             "version": self.helper.get_version_string(),
@@ -82,8 +82,8 @@ class PublicHandler(BaseHandler):
         )
 
     def post(self, page=None):
-        error = bleach.clean(self.get_argument("error", "Invalid Login!"))
+        error = nh3.clean(self.get_argument("error", "Invalid Login!"))
-        error_msg = bleach.clean(self.get_argument("error_msg", ""))
+        error_msg = nh3.clean(self.get_argument("error_msg", ""))
 
         page_data = {
             "version": self.helper.get_version_string(),
@@ -100,8 +100,8 @@ class PublicHandler(BaseHandler):
             if self.request.query:
                 next_page = "/login?" + self.request.query
 
-            entered_username = bleach.clean(self.get_argument("username"))
+            entered_username = nh3.clean(self.get_argument("username"))
-            entered_password = bleach.clean(self.get_argument("password"))
+            entered_password = nh3.clean(self.get_argument("password"))
 
             # pylint: disable=no-member
             try:

requirements.txt

@@ -1,7 +1,7 @@
 
 apscheduler==3.8.1
 argon2-cffi==21.3
-bleach==4.1
+nh3==0.2.14
 cached_property==1.5.2
 colorama==0.4
 croniter==1.3.5