fix(deps): update dependency bleach to v6.4.0 [security]#413
Open
renovate[bot] wants to merge 1 commit into
Open
fix(deps): update dependency bleach to v6.4.0 [security]#413renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
f797152 to
e67e475
Compare
e67e475 to
88cd8e5
Compare
88cd8e5 to
d9ab4ce
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
6.3.0→6.4.0Review
Bleach: URI sanitization allows disallowed URI schemes with Unicode > U+00A0 in output
GHSA-8rfp-98v4-mmr6
More information
Details
Impact
A possible XSS bypass affects users calling
bleach.cleanwith all of:ain the allowed tagshrefin allowed attributesThe
bleach.cleansanitizer outputs URIs containing disallowed scheme patterns that it should be stripping. However, because the inserted Unicode characters make the scheme invalid per RFC 3986, modern browsers do not execute these as javascript: URIs. The practical security impact is limited to:This is not a direct XSS vulnerability.
Python code example from reporter with Bleach v6.3.0 and Python 3.13:
Output:
Patches
Users should upgrade to Bleach 6.4.0.
Workarounds
Pre-process content removing non-ASCII characters from URI schemes before sanitizing with
bleach.clean.A strong Content-Security-Policy without unsafe-inline and unsafe-eval script-srcs will also help mitigate the risk.
References
Reported by
Reported by codeant from CodeAnt AI.
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Bleach clean() / Cleaner() fails to sanitize dangerous URI schemes in allowed formaction attributes
GHSA-gj48-438w-jh9v
More information
Details
Summary
Bleach
clean()/Cleaner()fails to sanitize dangerous URI schemes in allowedformactionattributes.Bleach applies URI protocol sanitization only to attributes listed in
attr_val_is_uri. While URI-bearing attributes such asaction,href,src, andposterare included in that set,formactionis not. As a result, if a downstream application explicitly allowsformactionon submit-capable controls in untrusted HTML, Bleach preserves dangerous values such asjavascript:alert(1)instead of stripping them.This can lead to submit-triggered JavaScript execution in applications that rely on Bleach to sanitize untrusted HTML and allow the relevant tag/attribute combination.
Details
The issue appears to be a URI-sanitization coverage gap in Bleach’s sanitizer logic.
Relevant code paths:
bleach/sanitizer.py—BleachSanitizerFilter.allow_token(around line 553)bleach/_vendor/html5lib/filters/sanitizer.py—attr_val_is_uri(around line 525)In
BleachSanitizerFilter.allow_token, URI protocol sanitization is only applied when:However,
(None, 'formaction')is currently missing fromattr_val_is_uri.This creates an inconsistency where
actionis protocol-sanitized, butformactionis not.As a result, if a downstream application allows:
<button>or<input>formactionattributethen Bleach preserves dangerous URI schemes such as
javascript:informaction.Examples of affected submit-capable controls include:
<button>(default submit behavior unlesstype="button"is set)<input type="submit"><input type="image">This appears to be a real library-side sanitizer gap rather than only an application misuse issue, because Bleach already treats similar URI-bearing attributes (such as
action) as protocol-sensitive and sanitizes them.Suggested minimal fix:
Add:
to
attr_val_is_uriin:bleach/_vendor/html5lib/filters/sanitizer.pyI also prepared a minimal patch and focused regression tests if helpful.
PoC
Below are minimal reproductions using
bleach.clean().1)
<button>Actual output:
Expected output:
2)
<input type="submit">Actual output:
Expected output:
3)
<input type="image">Actual output:
Expected output:
Impact
This is a client-side HTML sanitization bypass / dangerous URI preservation issue.
If an application relies on Bleach to sanitize untrusted HTML and explicitly allows:
formaction<button>or<input>then Bleach can emit sanitized output that still contains a dangerous
javascript:URI informaction.That can lead to submit-triggered JavaScript execution when the user activates the control.
Impact is limited to configurations that explicitly allow the relevant tag/attribute combination, but the issue is still security-relevant because:
formactionis a real browser sinkactionI would currently assess this as Medium severity.
If useful, I also have:
a minimal patch
focused regression tests for:
<button formaction="javascript:..."><input type="submit" formaction="javascript:..."><input type="image" formaction="javascript:...">formaction="/submit"is preservedSeverity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Bleach: URI sanitization allows disallowed URI schemes with Unicode > U+00A0 in output
GHSA-8rfp-98v4-mmr6
More information
Details
Impact
A possible XSS bypass affects users calling
bleach.cleanwith all of:ain the allowed tagshrefin allowed attributesThe
bleach.cleansanitizer outputs URIs containing disallowed scheme patterns that it should be stripping. However, because the inserted Unicode characters make the scheme invalid per RFC 3986, modern browsers do not execute these as javascript: URIs. The practical security impact is limited to:This is not a direct XSS vulnerability.
Python code example from reporter with Bleach v6.3.0 and Python 3.13:
Output:
Patches
Users should upgrade to Bleach 6.4.0.
Workarounds
Pre-process content removing non-ASCII characters from URI schemes before sanitizing with
bleach.clean.A strong Content-Security-Policy without unsafe-inline and unsafe-eval script-srcs will also help mitigate the risk.
References
Reported by
Reported by codeant from CodeAnt AI.
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Bleach clean() / Cleaner() fails to sanitize dangerous URI schemes in allowed formaction attributes
GHSA-gj48-438w-jh9v
More information
Details
Summary
Bleach
clean()/Cleaner()fails to sanitize dangerous URI schemes in allowedformactionattributes.Bleach applies URI protocol sanitization only to attributes listed in
attr_val_is_uri. While URI-bearing attributes such asaction,href,src, andposterare included in that set,formactionis not. As a result, if a downstream application explicitly allowsformactionon submit-capable controls in untrusted HTML, Bleach preserves dangerous values such asjavascript:alert(1)instead of stripping them.This can lead to submit-triggered JavaScript execution in applications that rely on Bleach to sanitize untrusted HTML and allow the relevant tag/attribute combination.
Details
The issue appears to be a URI-sanitization coverage gap in Bleach’s sanitizer logic.
Relevant code paths:
bleach/sanitizer.py—BleachSanitizerFilter.allow_token(around line 553)bleach/_vendor/html5lib/filters/sanitizer.py—attr_val_is_uri(around line 525)In
BleachSanitizerFilter.allow_token, URI protocol sanitization is only applied when:However,
(None, 'formaction')is currently missing fromattr_val_is_uri.This creates an inconsistency where
actionis protocol-sanitized, butformactionis not.As a result, if a downstream application allows:
<button>or<input>formactionattributethen Bleach preserves dangerous URI schemes such as
javascript:informaction.Examples of affected submit-capable controls include:
<button>(default submit behavior unlesstype="button"is set)<input type="submit"><input type="image">This appears to be a real library-side sanitizer gap rather than only an application misuse issue, because Bleach already treats similar URI-bearing attributes (such as
action) as protocol-sensitive and sanitizes them.Suggested minimal fix:
Add:
to
attr_val_is_uriin:bleach/_vendor/html5lib/filters/sanitizer.pyI also prepared a minimal patch and focused regression tests if helpful.
PoC
Below are minimal reproductions using
bleach.clean().1)
<button>Actual output:
Expected output:
2)
<input type="submit">Actual output:
Expected output:
3)
<input type="image">Actual output:
Expected output:
Impact
This is a client-side HTML sanitization bypass / dangerous URI preservation issue.
If an application relies on Bleach to sanitize untrusted HTML and explicitly allows:
formaction<button>or<input>then Bleach can emit sanitized output that still contains a dangerous
javascript:URI informaction.That can lead to submit-triggered JavaScript execution when the user activates the control.
Impact is limited to configurations that explicitly allow the relevant tag/attribute combination, but the issue is still security-relevant because:
formactionis a real browser sinkactionI would currently assess this as Medium severity.
If useful, I also have:
a minimal patch
focused regression tests for:
<button formaction="javascript:..."><input type="submit" formaction="javascript:..."><input type="image" formaction="javascript:...">formaction="/submit"is preservedSeverity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Release Notes
mozilla/bleach (bleach)
v6.4.0Compare Source
NOTE: 2026-06-05: Bleach is no longer maintained. There will be no future
releases including for security issues.
See issue:
<https://github.com/mozilla/bleach/issues/698>__Backwards incompatible changes
Security fixes
Fix bug
2023812/ GHSA-8rfp-98v4-mmr6.Fix XSS issue with sanitize_uri_value where disallowed schemes with
Unicode invisible characters wouldn't be rejected.
For example::
import bleach
payload1 = 'Click'
result1 = bleach.clean(payload1)
print(repr(result1))
outputs::
'Click'
See the advisory for details.
Fix GHSA-gj48-438w-jh9v.
Fix issue where URI sanitization wasn't happening in formaction attributes.
See the advisory for details.
Bug fixes
Add support for pypy 3.11. (#764)
Drop version max in tinycss2 pin. (#772)
This removes one of the things we had to keep checking and updating. Users
now own the responsibility for correctness with the version of tinycss2
they're using.
Configuration
📅 Schedule: (in timezone America/Montreal)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.