diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4af8ce1f..62527138 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,7 @@
# Changelog
## --- [4.2.0] - 2023/TBD
### New features
-- Finish and Activate Arcadia notification backend ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/621))
+- Finish and Activate Arcadia notification backend ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/621) | [Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/626))
### Bug fixes
- PWA: Removed the custom offline page in favour of browser default ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/607))
- Fix hidden servers appearing visible on public mobile status page ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/612))
@@ -10,9 +10,11 @@
- Bump crypto to resolve #267 & #268 ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/622))
### Refactor
- Consolidate remaining frontend functions into API V2, and remove ajax internal API ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/585))
+- Replace bleach with nh3 ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/628))
### Tweaks
- Polish/Enhance display for InApp Documentation ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/613))
- Add get_users command to Crafty's console ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/620))
+- Make files hover cursor pointer ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/627))
### Lang
TBD
diff --git a/app/classes/web/base_handler.py b/app/classes/web/base_handler.py
index 33fe9936..b7a889b1 100644
--- a/app/classes/web/base_handler.py
+++ b/app/classes/web/base_handler.py
@@ -2,7 +2,7 @@ import logging
import re
import typing as t
import orjson
-import bleach
+import nh3
import tornado.web
from app.classes.models.crafty_permissions import EnumPermissionsCrafty
@@ -101,7 +101,7 @@ class BaseHandler(tornado.web.RequestHandler):
if type(text) in self.nobleach:
logger.debug("Auto-bleaching - bypass type")
return text
- return bleach.clean(text)
+ return nh3.clean(text)
def get_argument(
self,
diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py
index 696da799..f55da4ba 100644
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@@ -7,7 +7,7 @@ import json
import logging
import threading
import urllib.parse
-import bleach
+import nh3
import requests
import tornado.web
import tornado.escape
@@ -67,9 +67,7 @@ class PanelHandler(BaseHandler):
) in self.controller.crafty_perms.list_defined_crafty_permissions():
argument = int(
float(
- bleach.clean(
- self.get_argument(f"permission_{permission.name}", "0")
- )
+ nh3.clean(self.get_argument(f"permission_{permission.name}", "0"))
)
)
if argument:
@@ -78,9 +76,7 @@ class PanelHandler(BaseHandler):
)
q_argument = int(
- float(
- bleach.clean(self.get_argument(f"quantity_{permission.name}", "0"))
- )
+ float(nh3.clean(self.get_argument(f"quantity_{permission.name}", "0")))
)
if q_argument:
server_quantity[permission.name] = q_argument
@@ -479,7 +475,7 @@ class PanelHandler(BaseHandler):
template = "panel/dashboard.html"
elif page == "server_detail":
- subpage = bleach.clean(self.get_argument("subpage", ""))
+ subpage = nh3.clean(self.get_argument("subpage", ""))
server_id = self.check_server_id()
if server_id is None:
@@ -1284,7 +1280,7 @@ class PanelHandler(BaseHandler):
template = "panel/panel_edit_user_apikeys.html"
elif page == "remove_user":
- user_id = bleach.clean(self.get_argument("id", None))
+ user_id = nh3.clean(self.get_argument("id", None))
if (
not superuser
diff --git a/app/classes/web/public_handler.py b/app/classes/web/public_handler.py
index 76c6a8be..b7d1be9b 100644
--- a/app/classes/web/public_handler.py
+++ b/app/classes/web/public_handler.py
@@ -1,5 +1,5 @@
import logging
-import bleach
+import nh3
from app.classes.shared.helpers import Helpers
from app.classes.models.users import HelperUsers
@@ -28,8 +28,8 @@ class PublicHandler(BaseHandler):
# self.clear_cookie("user_data")
def get(self, page=None):
- error = bleach.clean(self.get_argument("error", "Invalid Login!"))
- error_msg = bleach.clean(self.get_argument("error_msg", ""))
+ error = nh3.clean(self.get_argument("error", "Invalid Login!"))
+ error_msg = nh3.clean(self.get_argument("error_msg", ""))
page_data = {
"version": self.helper.get_version_string(),
@@ -82,8 +82,8 @@ class PublicHandler(BaseHandler):
)
def post(self, page=None):
- error = bleach.clean(self.get_argument("error", "Invalid Login!"))
- error_msg = bleach.clean(self.get_argument("error_msg", ""))
+ error = nh3.clean(self.get_argument("error", "Invalid Login!"))
+ error_msg = nh3.clean(self.get_argument("error_msg", ""))
page_data = {
"version": self.helper.get_version_string(),
@@ -100,8 +100,8 @@ class PublicHandler(BaseHandler):
if self.request.query:
next_page = "/login?" + self.request.query
- entered_username = bleach.clean(self.get_argument("username"))
- entered_password = bleach.clean(self.get_argument("password"))
+ entered_username = nh3.clean(self.get_argument("username"))
+ entered_password = nh3.clean(self.get_argument("password"))
# pylint: disable=no-member
try:
diff --git a/app/frontend/templates/notify.html b/app/frontend/templates/notify.html
index 98d366e7..77b72780 100644
--- a/app/frontend/templates/notify.html
+++ b/app/frontend/templates/notify.html
@@ -65,6 +65,7 @@
-
diff --git a/requirements.txt b/requirements.txt
index 2a4262d9..1ffd6ac2 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,12 +1,12 @@
apscheduler==3.8.1
argon2-cffi==21.3
-bleach==4.1
cached_property==1.5.2
colorama==0.4
croniter==1.3.5
cryptography==41.0.3
libgravatar==1.0.0
+nh3==0.2.14
packaging==23.1
peewee==3.13
pexpect==4.8