django-summernote
django-summernote copied to clipboard
summernote
5.x version of bleach causes an unexpected keyword argument
The newest version of bleach changed the parameters in the clean method (source: https://bleach.readthedocs.io/en/latest/changes.html#version-5-0-0-april-7th-2022). This causes the error: clean() got an unexpected keyword argument 'styles' when attempting to save a model with a SummernoteTextField.
Note: I was able to get my app running again by changing my requirements.txt file to bleach==4.10. Forcing the previous bleach version.
I got the same error after updating to version 5.x . My custom cleaner function running before saving models showed me the error and i got it running after changing the argument.
The argument styles changed to css_sanitizer.
Before:
cleaner = Cleaner(tags=tags,attributes=attrs,styles=styles)
After:
cleaner = Cleaner(tags=tags,attributes=attrs,css_sanitizer=styles)
5UP. I ran into an error that got me here and wanted to add, there aint a 4.10;
ERROR: Could not find a version that satisfies the requirement bleach==4.10 (from versions: 0.2.1, 0.2.2, 0.3, 0.3.1, 0.3.3, 0.3.4, 0.5.0, 0.5.1, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.2, 1.2.1, 1.2.2, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.5.0, 2.0.0, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.3.0, 3.3.1, 4.0.0, 4.1.0, 5.0.0, 5.0.1, 6.0.0)
#0 9.016 ERROR: No matching distribution found for bleach==4.10
I wound up forking the (outdate package, django-html_sanitizer) and merged a bunch of changes some other forks had that brought it up to 3.6+ standards. It worked. This suggests to me upgrading old packages to keep up is the best path forward.
The newest version of bleach changed the parameters in the clean method (source: https://bleach.readthedocs.io/en/latest/changes.html#version-5-0-0-april-7th-2022). This causes the error: clean() got an unexpected keyword argument 'styles' when attempting to save a model with a SummernoteTextField.
Note: I was able to get my app running again by changing my requirements.txt file to bleach==4.10. Forcing the previous bleach version.
FWIW, I got
ERROR: Could not find a version that satisfies the requirement bleach==4.10 (from versions: 0.2.1, 0.2.2, 0.3, 0.3.1, 0.3.3, 0.3.4, 0.5.0, 0.5.1, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.2, 1.2.1, 1.2.2, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.5.0, 2.0.0, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.3.0, 3.3.1, 4.0.0, 4.1.0, 5.0.0, 5.0.1, 6.0.0)
ERROR: No matching distribution found for bleach==4.10
So did pip install bleach==4.1.0, and now this finally works
jupyter nbconvert --to html 06-notebook.ipynb
I solved this problem by using models.TextField instead of SummernoteTextField in my models.py for the field I want to edit using Summernote.
@abdelhai95 if your field is accessible to the public then by using a TextField you're potentially opening yourself up to a injection attack
Warning: Please mind, that the widget does not provide any escaping. If you expose the widget to external users without taking care of this, it could potentially lead to an injection vulnerability. Therefore you can use the SummernoteTextFormField or SummernoteTextField, which escape all harmful tags through mozilla's package bleach:
