diff --git a/docs/requirements.txt b/docs/requirements.txt index 7417a624c035..85cd466c0e34 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -254,7 +254,6 @@ markdown==3.10.2 \ --hash=sha256:994d51325d25ad8aa7ce4ebaec003febcce822c3f8c911e3b17c52f7f589f950 \ --hash=sha256:e91464b71ae3ee7afd3017d9f358ef0baf158fd9a298db92f1d4761133824c36 # via - # -c src/backend/requirements.txt # mkdocs # mkdocs-autorefs # mkdocs-material diff --git a/src/backend/InvenTree/InvenTree/helpers.py b/src/backend/InvenTree/InvenTree/helpers.py index 7b7cef24d524..01ad445ffe96 100644 --- a/src/backend/InvenTree/InvenTree/helpers.py +++ b/src/backend/InvenTree/InvenTree/helpers.py @@ -29,12 +29,6 @@ from stdimage.models import StdImageField, StdImageFieldFile from common.currency import currency_code_default -from InvenTree.sanitizer import ( - DEAFAULT_ATTRS, - DEFAULT_CSS, - DEFAULT_PROTOCOLS, - DEFAULT_TAGS, -) logger = structlog.get_logger('inventree') 
@@ -939,63 +933,6 @@ def remove_non_printable_characters(value: str, remove_newline=True) -> str: return cleaned -def clean_markdown(value: str) -> str: - """Clean a markdown string. - - This function will remove javascript and other potentially harmful content from the markdown string. - """ - import markdown - - try: - markdownify_settings = settings.MARKDOWNIFY['default'] - except (AttributeError, KeyError): - markdownify_settings = {} - - extensions = markdownify_settings.get('MARKDOWN_EXTENSIONS', []) - extension_configs = markdownify_settings.get('MARKDOWN_EXTENSION_CONFIGS', {}) - - # Generate raw HTML from provided markdown (without sanitizing) - # Note: The 'html' output_format is required to generate self closing tags, e.g. instead of - html = markdown.markdown( - value or '', - extensions=extensions, - extension_configs=extension_configs, - output_format='html', - ) - - # nh3 sanitizer settings - whitelist_tags = markdownify_settings.get('WHITELIST_TAGS', DEFAULT_TAGS) - whitelist_attrs = markdownify_settings.get('WHITELIST_ATTRS', DEAFAULT_ATTRS) - whitelist_styles = markdownify_settings.get('WHITELIST_STYLES', DEFAULT_CSS) - whitelist_protocols = markdownify_settings.get( - 'WHITELIST_PROTOCOLS', DEFAULT_PROTOCOLS - ) - - # Convert bleach-style attributes (list or dict) to nh3-compatible dict format - if isinstance(whitelist_attrs, (list, tuple, set, frozenset)): - attrs_dict = {'*': set(whitelist_attrs)} - elif isinstance(whitelist_attrs, dict): - attrs_dict = {tag: set(allowed) for tag, allowed in whitelist_attrs.items()} - else: - attrs_dict = None - - # Clean the HTML content (for comparison). 
This must be the same as the original content - clean_html = nh3.clean( - html, - tags=set(whitelist_tags), - attributes=attrs_dict, - url_schemes=set(whitelist_protocols), - filter_style_properties=set(whitelist_styles), - link_rel=None, - strip_comments=True, - ) - - if html != clean_html: - raise ValidationError(_('Data contains prohibited markdown content')) - - return value - - def hash_barcode(barcode_data: str) -> str: """Calculate a 'unique' hash for a barcode string. diff --git a/src/backend/InvenTree/InvenTree/mixins.py b/src/backend/InvenTree/InvenTree/mixins.py index 7d181fb99574..f8db456eaa47 100644 --- a/src/backend/InvenTree/InvenTree/mixins.py +++ b/src/backend/InvenTree/InvenTree/mixins.py @@ -8,11 +8,7 @@ import data_exporter.mixins import importer.mixins from InvenTree.fields import InvenTreeNotesField, OutputConfiguration -from InvenTree.helpers import ( - clean_markdown, - remove_non_printable_characters, - strip_html_tags, -) +from InvenTree.helpers import remove_non_printable_characters, strip_html_tags from InvenTree.schema import schema_for_view_output_options from InvenTree.serializers import FilterableSerializerMixin @@ -56,7 +52,6 @@ def clean_string(self, field: str, data: str) -> str: # By default, newline characters are removed remove_newline = True - is_markdown = False try: if hasattr(self, 'serializer_class'): @@ -69,7 +64,6 @@ def clean_string(self, field: str, data: str) -> str: for field_type in allow_newline: if issubclass(type(field_base), field_type[0]): remove_newline = False - is_markdown = field_type[1] break except AttributeError: @@ -83,9 +77,6 @@ def clean_string(self, field: str, data: str) -> str: cleaned = strip_html_tags(cleaned, field_name=field) - if is_markdown: - cleaned = clean_markdown(cleaned) - return cleaned def clean_data(self, data: dict) -> dict: 
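Review bot: In `clean_string` (mixins.py), fields that were flagged `is_markdown` now pass through only `remove_non_printable_characters` and `strip_html_tags`, so the render-and-compare check that `clean_markdown` ran against the tag, attribute and URL-scheme allowlists no longer happens on write. Markdown constructs that are not literal HTML tags, such as a link whose target uses a scheme outside the allowlist, were presumably rejected by that check and are unlikely to be caught by tag stripping, so every consumer that renders stored notes to HTML should treat them as untrusted. I would record that at the call site, e.g. `# NOTE: markdown content is not validated here; renderers must sanitize their HTML output`, and add a test pinning the new behaviour. The second element of each `allow_newline` entry (`field_type[1]`) is no longer read in the visible lines, and since its definition is outside the hunk it is worth checking whether the tuple can be simplified. `clean_string` starts and ends outside these hunks.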
diff --git a/src/backend/InvenTree/InvenTree/setting/markdown.py b/src/backend/InvenTree/InvenTree/setting/markdown.py deleted file mode 100644 index 13bdca3cd7bf..000000000000 --- a/src/backend/InvenTree/InvenTree/setting/markdown.py +++ /dev/null @@ -1,44 +0,0 @@ -"""Configuration options for django-markdownify. - -Ref: https://django-markdownify.readthedocs.io/en/latest/settings.html -""" - - -def markdownify_config(): - """Return configuration dictionary for django-markdownify.""" - return { - 'default': { - 'BLEACH': True, - 'WHITELIST_ATTRS': ['href', 'src', 'alt'], - 'MARKDOWN_EXTENSIONS': ['markdown.extensions.extra'], - 'WHITELIST_TAGS': [ - 'a', - 'abbr', - 'b', - 'blockquote', - 'code', - 'em', - 'h1', - 'h2', - 'h3', - 'h4', - 'h5', - 'hr', - 'i', - 'img', - 'li', - 'ol', - 'p', - 'pre', - 's', - 'strong', - 'table', - 'thead', - 'tbody', - 'th', - 'tr', - 'td', - 'ul', - ], - } - } diff --git a/src/backend/InvenTree/InvenTree/settings.py b/src/backend/InvenTree/InvenTree/settings.py index 3b06820c98d9..6d391051c0ef 100644 --- a/src/backend/InvenTree/InvenTree/settings.py +++ b/src/backend/InvenTree/InvenTree/settings.py @@ -32,16 +32,7 @@ from users.oauth2_scopes import oauth2_scopes from . import config -from .setting import ( - db_backend, - ldap, - locales, - markdown, - spectacular, - storages, - tracing, - worker, -) +from .setting import db_backend, ldap, locales, spectacular, storages, tracing, worker try: import django_stubs_ext @@ -341,7 +332,6 @@ 'corsheaders', # Cross-origin Resource Sharing for DRF 'django_cleanup.apps.CleanupConfig', # Automatically delete orphaned MEDIA files 'mptt', # Modified Preorder Tree Traversal - 'markdownify', # Markdown template rendering 'djmoney', # django-money integration 'djmoney.contrib.exchange', # django-money exchange rates 'error_report', # Error reporting in the admin interface 
@@ -1066,11 +1056,6 @@ ) # endregion auth -# Markdownify configuration -# Ref: https://django-markdownify.readthedocs.io/en/latest/settings.html - -MARKDOWNIFY = markdown.markdownify_config() - # Ignore these error types for in-database error logging IGNORED_ERRORS = [Http404, HttpResponseGone, django.core.exceptions.PermissionDenied] diff --git a/src/backend/InvenTree/report/templates/report/inventree_build_order_report.html b/src/backend/InvenTree/report/templates/report/inventree_build_order_report.html index dfb177a9fa70..0e420c01cc59 100644 --- a/src/backend/InvenTree/report/templates/report/inventree_build_order_report.html +++ b/src/backend/InvenTree/report/templates/report/inventree_build_order_report.html @@ -4,7 +4,6 @@ {% load report %} {% load barcode %} {% load inventree_extras %} -{% load markdownify %} {% block page_margin %} margin: 2cm; @@ -172,7 +171,7 @@

{% trans "Notes" %}

{% if build.notes %} -{{ build.notes|markdownify }} +{{ build.notes }} {% endif %} {% endblock page_content %} diff --git a/src/backend/InvenTree/report/templates/report/inventree_order_report_base.html b/src/backend/InvenTree/report/templates/report/inventree_order_report_base.html index f099b8425df3..c9f51c2a6785 100644 --- a/src/backend/InvenTree/report/templates/report/inventree_order_report_base.html +++ b/src/backend/InvenTree/report/templates/report/inventree_order_report_base.html @@ -4,7 +4,6 @@ {% load report %} {% load barcode %} {% load inventree_extras %} -{% load markdownify %} {% block page_margin %} margin: 2cm; diff --git a/src/backend/InvenTree/report/templates/report/inventree_purchase_order_report.html b/src/backend/InvenTree/report/templates/report/inventree_purchase_order_report.html index 732925e3e7e7..a28460b4d10a 100644 --- a/src/backend/InvenTree/report/templates/report/inventree_purchase_order_report.html +++ b/src/backend/InvenTree/report/templates/report/inventree_purchase_order_report.html @@ -4,7 +4,6 @@ {% load report %} {% load barcode %} {% load inventree_extras %} -{% load markdownify %} {% block header_content %} diff --git a/src/backend/InvenTree/report/templates/report/inventree_return_order_report.html b/src/backend/InvenTree/report/templates/report/inventree_return_order_report.html index 0dbc062e7114..32d5b27f3d49 100644 --- a/src/backend/InvenTree/report/templates/report/inventree_return_order_report.html +++ b/src/backend/InvenTree/report/templates/report/inventree_return_order_report.html @@ -4,7 +4,6 @@ {% load report %} {% load barcode %} {% load inventree_extras %} -{% load markdownify %} {% block header_content %} diff --git a/src/backend/InvenTree/report/templates/report/inventree_sales_order_report.html b/src/backend/InvenTree/report/templates/report/inventree_sales_order_report.html index a5f4a7575084..013ae7642252 100644 --- a/src/backend/InvenTree/report/templates/report/inventree_sales_order_report.html 
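Review bot: `{{ build.notes }}` in inventree_build_order_report.html now emits the notes field as plain text, so markdown syntax entered by users will appear literally in the generated report instead of being formatted. Assuming autoescaping is left on for report templates, the value is HTML-escaped, which is the safe outcome; the thing to guard against is a later change that restores formatting with `|safe` on unsanitized input. A template comment would make that explicit: `{# notes are rendered as escaped plain text; do not mark as safe without sanitizing #}`. Report templates kept outside this repository that still contain `{% load markdownify %}` would presumably fail to load once the app is dropped from INSTALLED_APPS, which is worth a release-note entry.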
+++ b/src/backend/InvenTree/report/templates/report/inventree_sales_order_report.html @@ -4,7 +4,6 @@ {% load report %} {% load barcode %} {% load inventree_extras %} -{% load markdownify %} {% block header_content %} diff --git a/src/backend/InvenTree/report/templates/report/inventree_sales_order_shipment_report.html b/src/backend/InvenTree/report/templates/report/inventree_sales_order_shipment_report.html index 98aab3e4ed3e..a2a4fdb74724 100644 --- a/src/backend/InvenTree/report/templates/report/inventree_sales_order_shipment_report.html +++ b/src/backend/InvenTree/report/templates/report/inventree_sales_order_shipment_report.html @@ -4,7 +4,6 @@ {% load report %} {% load barcode %} {% load inventree_extras %} -{% load markdownify %} {% block header_content %} diff --git a/src/backend/InvenTree/report/templates/report/inventree_transfer_order_report.html b/src/backend/InvenTree/report/templates/report/inventree_transfer_order_report.html index 1b88d0275f7d..5b008493d111 100644 --- a/src/backend/InvenTree/report/templates/report/inventree_transfer_order_report.html +++ b/src/backend/InvenTree/report/templates/report/inventree_transfer_order_report.html @@ -4,7 +4,6 @@ {% load report %} {% load barcode %} {% load inventree_extras %} -{% load markdownify %} {% block header_content %} diff --git a/src/backend/requirements-3.14.txt b/src/backend/requirements-3.14.txt index 28255c961100..caba9ffb6fa2 100644 --- a/src/backend/requirements-3.14.txt +++ b/src/backend/requirements-3.14.txt 
@@ -89,12 +89,6 @@ bcrypt==5.0.0 \ # via # -c src/backend/requirements.txt # paramiko -bleach==4.1.0 \ - --hash=sha256:0900d8b37eba61a802ee40ac0061f8c2b5dee29c1927dd1d233e075ebf5a71da \ - --hash=sha256:4d2651ab93271d1129ac9cbc679f524565cc8a1b791909c4a51eac4446a15994 - # via - # -c src/backend/requirements.txt - # django-markdownify blessed==1.42.0 \ --hash=sha256:34b460b77562ed21f807cfd7c527b983b0cc300c98810c8076f283b7bcd45ba7 \ --hash=sha256:f96c4a6dc664b48e0b832fa732acc16df67abd30f0ec35babf99025982f21852 @@ -535,7 +529,6 @@ django==5.2.14 \ # django-flags # django-ical # django-js-asset - # django-markdownify # django-money # django-oauth-toolkit # django-otp @@ -631,12 +624,6 @@ django-maintenance-mode==0.22.0 \ # via # -c src/backend/requirements.txt # -r src/backend/requirements.in -django-markdownify==0.9.1 \ - --hash=sha256:06ff2994ff09ce030b50de8c6fc5b89b9c25a66796948aff55370716ca1233af \ - --hash=sha256:24ba68b8a5996b6ec9632d11a3fd2e7159cb7e6becd3104e0a9372b5a2a148ef - # via - # -c src/backend/requirements.txt - # -r src/backend/requirements.in django-money==3.6.0 \ --hash=sha256:94402f2831f2726b94ef2da35b4059441b4c0aedfc47b312472200d4ffdf8d73 \ --hash=sha256:a8d249bf3ce6ad7fb953530c920cc85ea7f1137c0fde747a74204ea24ec97ab1 @@ -1178,12 +1165,6 @@ lxml==6.1.1 \ # -c src/backend/requirements.txt # python3-saml # xmlsec -markdown==3.10.2 \ - --hash=sha256:994d51325d25ad8aa7ce4ebaec003febcce822c3f8c911e3b17c52f7f589f950 \ - --hash=sha256:e91464b71ae3ee7afd3017d9f358ef0baf158fd9a298db92f1d4761133824c36 - # via - # -c src/backend/requirements.txt - # django-markdownify markupsafe==3.0.3 \ --hash=sha256:0303439a41979d9e74d18ff5e2dd8c43ed6c6001fd40e5bf2e43f7bd9bbc523f \ --hash=sha256:068f375c472b3e7acbe2d5318dea141359e6900156b5b2ba06a30b169086b91a \ 
@@ -1479,7 +1460,6 @@ packaging==26.2 \ --hash=sha256:ff452ff5a3e828ce110190feff1178bb1f2ea2281fa2075aadb987c2fb221661 # via # -c src/backend/requirements.txt - # bleach # gunicorn # opentelemetry-instrumentation paramiko==5.0.0 \ @@ -2119,7 +2099,6 @@ six==1.17.0 \ --hash=sha256:ff70335d468e7eb6ec65b95b99d3a2836546063f63acc5171de367e834932a81 # via # -c src/backend/requirements.txt - # bleach # python-dateutil sqlparse==0.5.5 \ --hash=sha256:12a08b3bf3eec877c519589833aed092e2444e68240a3577e8e26148acc7b1ba \ @@ -2215,7 +2194,6 @@ webencodings==0.5.1 \ --hash=sha256:b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923 # via # -c src/backend/requirements.txt - # bleach # cssselect2 # tinycss2 # tinyhtml5 diff --git a/src/backend/requirements.in b/src/backend/requirements.in index 64800e414d6d..e33a9b460ab0 100644 --- a/src/backend/requirements.in +++ b/src/backend/requirements.in @@ -13,7 +13,6 @@ django-flags # Feature flags django-ical # iCal export for calendar views django-maintenance-mode # Shut down application while reloading etc. django-mailbox # Email scraping -django-markdownify # Markdown rendering django-money # Django app for currency management django-mptt # Modified Preorder Tree Traversal django-redis>=5.0.0 # Redis integration diff --git a/src/backend/requirements.txt b/src/backend/requirements.txt index 6fc804d06946..783902a5bce6 100644 --- a/src/backend/requirements.txt +++ b/src/backend/requirements.txt 
@@ -87,10 +87,6 @@ bcrypt==5.0.0 \ --hash=sha256:f8429e1c410b4073944f03bd778a9e066e7fad723564a52ff91841d278dfc822 \ --hash=sha256:fc746432b951e92b58317af8e0ca746efe93e66555f1b40888865ef5bf56446b # via paramiko -bleach==4.1.0 \ - --hash=sha256:0900d8b37eba61a802ee40ac0061f8c2b5dee29c1927dd1d233e075ebf5a71da \ - --hash=sha256:4d2651ab93271d1129ac9cbc679f524565cc8a1b791909c4a51eac4446a15994 - # via django-markdownify blessed==1.42.0 \ --hash=sha256:34b460b77562ed21f807cfd7c527b983b0cc300c98810c8076f283b7bcd45ba7 \ --hash=sha256:f96c4a6dc664b48e0b832fa732acc16df67abd30f0ec35babf99025982f21852 @@ -515,7 +511,6 @@ django==5.2.14 \ # django-flags # django-ical # django-js-asset - # django-markdownify # django-money # django-oauth-toolkit # django-otp @@ -585,10 +580,6 @@ django-maintenance-mode==0.22.0 \ --hash=sha256:502f04f845d6996e8add321186b3b9236c3702de7cb0ab14952890af6523b9e5 \ --hash=sha256:a9cf2ba79c9945bd67f98755a6cfd281869d39b3745bbb5d1f571d058657aa85 # via -r src/backend/requirements.in -django-markdownify==0.9.1 \ - --hash=sha256:06ff2994ff09ce030b50de8c6fc5b89b9c25a66796948aff55370716ca1233af \ - --hash=sha256:24ba68b8a5996b6ec9632d11a3fd2e7159cb7e6becd3104e0a9372b5a2a148ef - # via -r src/backend/requirements.in django-money==3.6.0 \ --hash=sha256:94402f2831f2726b94ef2da35b4059441b4c0aedfc47b312472200d4ffdf8d73 \ --hash=sha256:a8d249bf3ce6ad7fb953530c920cc85ea7f1137c0fde747a74204ea24ec97ab1 @@ -1050,10 +1041,6 @@ lxml==6.1.1 \ # via # python3-saml # xmlsec -markdown==3.10.2 \ - --hash=sha256:994d51325d25ad8aa7ce4ebaec003febcce822c3f8c911e3b17c52f7f589f950 \ - --hash=sha256:e91464b71ae3ee7afd3017d9f358ef0baf158fd9a298db92f1d4761133824c36 - # via django-markdownify markupsafe==3.0.3 \ --hash=sha256:0303439a41979d9e74d18ff5e2dd8c43ed6c6001fd40e5bf2e43f7bd9bbc523f \ --hash=sha256:068f375c472b3e7acbe2d5318dea141359e6900156b5b2ba06a30b169086b91a \ 
@@ -1312,7 +1299,6 @@ packaging==26.2 \ --hash=sha256:5fc45236b9446107ff2415ce77c807cee2862cb6fac22b8a73826d0693b0980e \ --hash=sha256:ff452ff5a3e828ce110190feff1178bb1f2ea2281fa2075aadb987c2fb221661 # via - # bleach # gunicorn # opentelemetry-instrumentation paramiko==5.0.0 \ @@ -1890,9 +1876,7 @@ sgmllib3k==1.0.0 \ six==1.17.0 \ --hash=sha256:4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274 \ --hash=sha256:ff70335d468e7eb6ec65b95b99d3a2836546063f63acc5171de367e834932a81 - # via - # bleach - # python-dateutil + # via python-dateutil sqlparse==0.5.5 \ --hash=sha256:12a08b3bf3eec877c519589833aed092e2444e68240a3577e8e26148acc7b1ba \ --hash=sha256:e20d4a9b0b8585fdf63b10d30066c7c94c5d7a7ec47c889a2d83a3caa93ff28e @@ -1970,7 +1954,6 @@ webencodings==0.5.1 \ --hash=sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 \ --hash=sha256:b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923 # via - # bleach # cssselect2 # tinycss2 # tinyhtml5