-rw-r--r--debian/patches/releasing-package-isso-version-0.10.4-117
-rw-r--r--debian/patches/series1
-rw-r--r--docs/index.html2
-rw-r--r--isso/tests/test_html.py6
-rw-r--r--isso/utils/html.py60
-rw-r--r--setup.py2
-rwxr-xr-xtox.ini3
7 files changed, 25 insertions, 66 deletions
diff --git a/debian/patches/releasing-package-isso-version-0.10.4-1 b/debian/patches/releasing-package-isso-version-0.10.4-1
deleted file mode 100644
index 0fa8c71..0000000
--- a/debian/patches/releasing-package-isso-version-0.10.4-1
+++ /dev/null
@@ -1,17 +0,0 @@
-Description: releasing package isso version 0.10.4-1
-Author: Jelmer Vernooij <jelmer@jelmer.uk>
-X-Dgit-Generated: 0.10.4-1 d686606b59babbe1d923c9d27e1a9da0b6c538cb
-
----
-
---- isso-0.10.4.orig/docs/index.html
-+++ isso-0.10.4/docs/index.html
-@@ -58,6 +58,8 @@
- <p>
- <a href="{{ pathto('contribute') }}">Write Code</a>,
- <a href="https://www.transifex.com/projects/p/isso/">Translate</a> or
-+ <a href="https://flattr.com/thing/2059355/posativisso-on-GitHub">Flattr
-+ <img src="{{ pathto('_static/flattr.png', 1) }}" alt="Flattr icon"/></a>.
- </p>
-
- {% include "searchbox.html" %}
diff --git a/debian/patches/series b/debian/patches/series
index 620558c..52fe940 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,2 @@
0001-use-bleach.patch
0002-remove-flattr.patch
-releasing-package-isso-version-0.10.4-1
diff --git a/docs/index.html b/docs/index.html
index 172fbb5..eeb253d 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -58,8 +58,6 @@
<p>
<a href="{{ pathto('contribute') }}">Write Code</a>,
<a href="https://www.transifex.com/projects/p/isso/">Translate</a> or
- <a href="https://flattr.com/thing/2059355/posativisso-on-GitHub">Flattr
- <img src="{{ pathto('_static/flattr.png', 1) }}" alt="Flattr icon"/></a>.
</p>
{% include "searchbox.html" %}
diff --git a/isso/tests/test_html.py b/isso/tests/test_html.py
index b1be6dc..9d92615 100644
--- a/isso/tests/test_html.py
+++ b/isso/tests/test_html.py
@@ -63,7 +63,6 @@ class TestHTML(unittest.TestCase):
print("Hello, World")
</code></pre>""")
- @unittest.skipIf(html.HTML5LIB_VERSION <= html.HTML5LIB_SIMPLETREE, "backport")
def test_sanitizer(self):
sanitizer = html.Sanitizer(elements=[], attributes=[])
examples = [
@@ -74,9 +73,8 @@ class TestHTML(unittest.TestCase):
('<script>alert("Onoe")</script>', 'alert("Onoe")')]
for (input, expected) in examples:
- self.assertEqual(html.sanitize(sanitizer, input), expected)
+ self.assertEqual(sanitizer.sanitize(input), expected)
- @unittest.skipIf(html.HTML5LIB_VERSION <= html.HTML5LIB_SIMPLETREE, "backport")
def test_sanitizer_extensions(self):
sanitizer = html.Sanitizer(elements=["img"], attributes=["src"])
examples = [
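Review bot: None of the sanitizer examples visible in these hunks checks what happens to an allowed `href` whose URL scheme is not permitted, and after this change that behaviour comes entirely from bleach rather than from code in this repository. A case such as `('<a href="javascript:void(0)">x</a>', '<a>x</a>')` in `test_sanitizer` would pin it; the expected string should be confirmed against the bleach release the tests run on. Both `examples` lists start or continue outside the hunks, so such a case may already exist.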
@@ -84,7 +82,7 @@ class TestHTML(unittest.TestCase):
('<script src="doge.js"></script>', '')]
for (input, expected) in examples:
- self.assertEqual(html.sanitize(sanitizer, input), expected)
+ self.assertEqual(sanitizer.sanitize(input), expected)
def test_render(self):
conf = config.new({
diff --git a/isso/utils/html.py b/isso/utils/html.py
index 294b8d4..c0a20e4 100644
--- a/isso/utils/html.py
+++ b/isso/utils/html.py
@@ -7,56 +7,36 @@ import pkg_resources
from distutils.version import LooseVersion as Version
-HTML5LIB_VERSION = Version(pkg_resources.get_distribution("html5lib").version)
-HTML5LIB_SIMPLETREE = Version("0.95")
-
from isso.compat import reduce
-import html5lib
-from html5lib.sanitizer import HTMLSanitizer
-from html5lib.serializer import HTMLSerializer
+import bleach
import misaka
-def Sanitizer(elements, attributes):
-
- class Inner(HTMLSanitizer):
-
- # attributes found in Sundown's HTML serializer [1] except for <img> tag,
- # because images are not generated anyways.
- #
- # [1] https://github.com/vmg/sundown/blob/master/html/html.c
- allowed_elements = ["a", "p", "hr", "br", "ol", "ul", "li",
- "pre", "code", "blockquote",
- "del", "ins", "strong", "em",
- "h1", "h2", "h3", "h4", "h5", "h6",
- "table", "thead", "tbody", "th", "td"] + elements
-
- # href for <a> and align for <table>
- allowed_attributes = ["align", "href"] + attributes
-
- # remove disallowed tokens from the output
- def disallowed_token(self, token, token_type):
- return None
-
- return Inner
-
+# attributes found in Sundown's HTML serializer [1] except for <img> tag,
+# because images are not generated anyways.
+#
+# [1] https://github.com/vmg/sundown/blob/master/html/html.c
+ALLOWED_ELEMENTS = ["a", "p", "hr", "br", "ol", "ul", "li",
+ "pre", "code", "blockquote",
+ "del", "ins", "strong", "em",
+ "h1", "h2", "h3", "h4", "h5", "h6",
+ "table", "thead", "tbody", "th", "td"]
-def sanitize(tokenizer, document):
+# href for <a> and align for <table>
+ALLOWED_ATTRIBUTES = ["align", "href"]
- parser = html5lib.HTMLParser(tokenizer=tokenizer)
- domtree = parser.parseFragment(document)
- if HTML5LIB_VERSION > HTML5LIB_SIMPLETREE:
- builder = "etree"
- else:
- builder = "simpletree"
+class Sanitizer(object):
- stream = html5lib.treewalkers.getTreeWalker(builder)(domtree)
- serializer = HTMLSerializer(quote_attr_values=True, omit_optional_tags=False)
+ def __init__(self, elements, attributes):
+ self.elements = ALLOWED_ELEMENTS + elements
+ self.attributes = ALLOWED_ATTRIBUTES + attributes
- return serializer.render(stream)
+ def sanitize(self, text):
+ return bleach.clean(text, tags=self.elements,
+ attributes=self.attributes, strip=True)
def Markdown(extensions=("strikethrough", "superscript", "autolink")):
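Review bot: `Sanitizer.sanitize` passes `self.attributes` to `bleach.clean` as a flat list, so `href`, `align` and every attribute from the `allowed-attributes` setting are accepted on every permitted tag, not only on the elements they are meant for. bleach also accepts a mapping from tag name to attribute list, so the built-in entries could be scoped (for example `href` to `a`) while only the user-configured extras stay global. The call also leaves URL-scheme filtering to the default of whichever bleach is installed; passing `protocols=` explicitly, if the supported release accepts it, would make that allow-list visible here. The new class has no docstring, for example `"""Strip tags and attributes outside the allow-list using bleach."""`. The context imports `pkg_resources` and `Version` look unused within this hunk once `HTML5LIB_VERSION` is gone, though the rest of the file is not visible.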
@@ -96,7 +76,7 @@ class Markup(object):
conf.getlist("allowed-elements"),
conf.getlist("allowed-attributes"))
- self._render = lambda text: sanitize(sanitizer, parser(text))
+ self._render = lambda text: sanitizer.sanitize(parser(text))
def render(self, text):
return self._render(text)
diff --git a/setup.py b/setup.py
index 793ede2..2a45f99 100644
--- a/setup.py
+++ b/setup.py
@@ -5,7 +5,7 @@ import sys
from setuptools import setup, find_packages
-requires = ['itsdangerous', 'misaka>=1.0,<2.0', 'html5lib==0.9999999']
+requires = ['itsdangerous', 'misaka>=1.0,<2.0', 'html5lib', 'bleach']
if (3, 0) <= sys.version_info < (3, 3):
raise SystemExit("Python 3.0, 3.1 and 3.2 are not supported")
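Review bot: `bleach` is added to `requires` with no version bound and the exact `html5lib` pin is dropped, so the sanitizer's behaviour now depends on whichever releases the resolver picks at install time. The html.py hunk in this commit removes the direct `import html5lib`, so unless another module still imports it, `html5lib` could be dropped from `requires` and left to bleach's own constraint. A floor on bleach for the release the tests were run against would help, e.g. `'bleach>=<tested version>'`. The tox.ini `[testenv:debian]` hunk has the same pattern: every other dependency there is pinned with `==`, while `bleach` and `html5lib` are not.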
diff --git a/tox.ini b/tox.ini
index 06d29de..9874dd4 100755
--- a/tox.ini
+++ b/tox.ini
@@ -23,7 +23,8 @@ deps =
[testenv:debian]
deps=
- html5lib==0.95
+ bleach
+ html5lib
ipaddr==2.1.10
itsdangerous==0.22
misaka==1.0.2