[Python-modules-team] Bug#949029: python-bleach is failing the autopkg tests with Python 3.8

2020-01-25 Thread Scott Kitterman 
This is due to a breaking change that was inappropriately included in 
python3.8 3.8.1.  See:

https://bugs.python.org/issue27657
https://github.com/mozilla/bleach/issues/503

Rather than "Fixed" in python-bleach, the breaking change in python3.8 should 
be reverted.  Python3 can break python-bleach for real in 3.9.

Scott K

signature.asc
Description: This is a digitally signed message part.
___
Python-modules-team mailing list
Python-modules-team@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team

[Python-modules-team] Bug#949029: python-bleach is failing the autopkg tests with Python 3.8

2020-01-16 Thread Matthias Klose 
Package: src:python-bleach
Version: 3.1.0-2
Severity: serious
Tags: sid bullseye

python-bleach is failing the autopkg tests with Python 3.8:

[...]
autopkgtest [07:36:46]: test py3: [---
= test session starts ==
platform linux -- Python 3.8.1, pytest-4.6.9, py-1.8.0, pluggy-0.13.0
rootdir: /tmp/autopkgtest-lxc.l4h7ii7j/downtmp/build.VsR/src
collected 311 items

tests/test_callbacks.py ..   [  3%]
tests/test_clean.py  [ 19%]
...F.F.F [ 43%]
..   [ 50%]
tests/test_css.py    [ 57%]
tests/test_html5lib_shim.py ...  [ 63%]
tests/test_linkify.py .. [ 80%]
..   [ 96%]
tests/test_unicode.py .  [ 99%]
tests/test_utils.py ...  [100%]

=== FAILURES ===
_ test_uri_value_allowed_protocols[valid-kwargs6-valid] 
_

data = 'valid', kwargs = {'protocols': ['http']}
expected = 'valid'

@pytest.mark.parametrize('data, kwargs, expected', [
# javascript: is not allowed by default
(
'xss',
{},
'xss'
),

# File protocol is not allowed by default
(
'foo',
{},
'foo'
),

# Specified protocols are allowed
(
'allowed href',
{'protocols': ['myprotocol']},
'allowed href'
),

# Unspecified protocols are not allowed
(
'http://example.com";>invalid href',
{'protocols': ['myprotocol']},
'invalid href'
),

# Anchors are ok
(
'foo',
{'protocols': []},
'foo'
),

# Allow implicit http if allowed
(
'valid',
{'protocols': ['http']},
'valid'
),
(
'valid',
{'protocols': ['http']},
'valid'
),
(
'valid',
{'protocols': ['http']},
'valid'
),
(
'valid',
{'protocols': ['http']},
'valid'
),
(
'valid',
{'protocols': ['http']},
'valid'
),
(
'valid',
{'protocols': ['http']},
'valid'
),

# Disallow implicit http if disallowed
(
'foo',
{'protocols': []},
'foo'
),
(
'foo',
{'protocols': []},
'foo'
),
(
'foo',
{'protocols': []},
'foo'
),
(
'foo',
{'protocols': []},
'foo'
),
(
'foo',
{'protocols': []},
'foo'
),
(
'foo',
{'protocols': []},
'foo'
),

# Disallowed protocols with sneaky character entities
(
'alert',
{},
'alert'
),
(
'alert',
{},
'alert'
),

# Checking the uri should change it at all
(
'http://example.com/?foo bar";>foo',
{},
'http://example.com/?foo bar";>foo'
),
])
def test_uri_value_allowed_protocols(data, kwargs, expected):
>   assert clean(data, **kwargs) == expected
E   assert 'valid' == 'valid'
E - valid
E + valid

tests/test_clean.py:676: AssertionError
_ test_uri_value_allowed_protocols[valid-kwargs8-valid] _

data = 'valid', kwargs = {'protocols': ['http']}
expected = 'valid'

@pytest.mark.parametrize('data, kwargs, expected', [
# javascript: is not allowed by default
(
'xss',
{},
'xss'
),

# File protocol is not allowed by default
(
'foo',
{},
'foo'
),

# Specified protocols are allowed
(
'allowed href',
{'protocols': ['myprotocol']},
'allowed href'
),

# Unspecified protocols are not allowed
(
'http://example.com";>invalid href',
{'protocols': ['myprotocol']},
'invalid href'
),

# Anchors are ok
(
'foo',
{'protocols': []},
'foo'
),

# Allow implic