Package: src:python-bleach
Version: 3.1.0-2
Severity: serious
Tags: sid bullseye
python-bleach is failing the autopkg tests with Python 3.8:
[...]
autopkgtest [07:36:46]: test py3: [---
= test session starts ==
platform linux -- Python 3.8.1, pytest-4.6.9, py-1.8.0, pluggy-0.13.0
rootdir: /tmp/autopkgtest-lxc.l4h7ii7j/downtmp/build.VsR/src
collected 311 items
tests/test_callbacks.py .. [ 3%]
tests/test_clean.py [ 19%]
...F.F.F [ 43%]
.. [ 50%]
tests/test_css.py [ 57%]
tests/test_html5lib_shim.py ... [ 63%]
tests/test_linkify.py .. [ 80%]
.. [ 96%]
tests/test_unicode.py . [ 99%]
tests/test_utils.py ... [100%]
=== FAILURES ===
_ test_uri_value_allowed_protocols[valid-kwargs6-valid]
_
data = 'valid', kwargs = {'protocols': ['http']}
expected = 'valid'
@pytest.mark.parametrize('data, kwargs, expected', [
# javascript: is not allowed by default
(
'xss',
{},
'xss'
),
# File protocol is not allowed by default
(
'foo',
{},
'foo'
),
# Specified protocols are allowed
(
'allowed href',
{'protocols': ['myprotocol']},
'allowed href'
),
# Unspecified protocols are not allowed
(
'http://example.com";>invalid href',
{'protocols': ['myprotocol']},
'invalid href'
),
# Anchors are ok
(
'foo',
{'protocols': []},
'foo'
),
# Allow implicit http if allowed
(
'valid',
{'protocols': ['http']},
'valid'
),
(
'valid',
{'protocols': ['http']},
'valid'
),
(
'valid',
{'protocols': ['http']},
'valid'
),
(
'valid',
{'protocols': ['http']},
'valid'
),
(
'valid',
{'protocols': ['http']},
'valid'
),
(
'valid',
{'protocols': ['http']},
'valid'
),
# Disallow implicit http if disallowed
(
'foo',
{'protocols': []},
'foo'
),
(
'foo',
{'protocols': []},
'foo'
),
(
'foo',
{'protocols': []},
'foo'
),
(
'foo',
{'protocols': []},
'foo'
),
(
'foo',
{'protocols': []},
'foo'
),
(
'foo',
{'protocols': []},
'foo'
),
# Disallowed protocols with sneaky character entities
(
'alert',
{},
'alert'
),
(
'alert',
{},
'alert'
),
# Checking the uri should change it at all
(
'http://example.com/?foo bar";>foo',
{},
'http://example.com/?foo bar";>foo'
),
])
def test_uri_value_allowed_protocols(data, kwargs, expected):
> assert clean(data, **kwargs) == expected
E assert 'valid' == 'valid'
E - valid
E + valid
tests/test_clean.py:676: AssertionError
_ test_uri_value_allowed_protocols[valid-kwargs8-valid] _
data = 'valid', kwargs = {'protocols': ['http']}
expected = 'valid'
@pytest.mark.parametrize('data, kwargs, expected', [
# javascript: is not allowed by default
(
'xss',
{},
'xss'
),
# File protocol is not allowed by default
(
'foo',
{},
'foo'
),
# Specified protocols are allowed
(
'allowed href',
{'protocols': ['myprotocol']},
'allowed href'
),
# Unspecified protocols are not allowed
(
'http://example.com";>invalid href',
{'protocols': ['myprotocol']},
'invalid href'
),
# Anchors are ok
(
'foo',
{'protocols': []},
'foo'
),
# Allow implic