CVE-2025-52559: Generate HTML for digest message sender safely.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2025-10-23 04:52:12 +00:00 · 2025-06-24 15:51:09 -07:00
parent c33b6cae38
commit a274170293
2 changed files with 11 additions and 7 deletions
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -519,7 +519,7 @@ ignore = [
 ]

 [tool.ruff.lint.flake8-bandit]
-allowed-markup-calls = ["lxml.html.tostring"]
+allowed-markup-calls = ["bs4.BeautifulSoup.decode", "lxml.html.tostring"]

 [tool.ruff.lint.flake8-gettext]
 extend-function-names = ["gettext_lazy"]