{"id":7047,"library":"bleach-allowlist","title":"Bleach Allowlist","description":"Bleach Allowlist provides curated lists of HTML tags, attributes, and CSS styles, designed for sanitizing user-provided HTML using the `bleach` library. It offers ready-to-use allowlists for common scenarios like Markdown rendering or printing, as well as comprehensive CSS properties. The current version is 1.0.3, released on August 13, 2020. This library has had a single stable release since its inception and primarily serves as a data provider for `bleach`.","status":"maintenance","version":"1.0.3","language":"en","source_language":"en","source_url":"https://github.com/yourcelf/bleach-allowlist.git","tags":["html sanitization","bleach","allowlist","security","web","html"],"install":[{"cmd":"pip install bleach-allowlist","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"This library provides allowlists specifically for use with the `bleach` HTML sanitization library. It is a functional dependency.","package":"bleach","optional":false}],"imports":[{"symbol":"markdown_tags","correct":"from bleach_allowlist import markdown_tags"},{"symbol":"markdown_attrs","correct":"from bleach_allowlist import markdown_attrs"},{"symbol":"print_tags","correct":"from bleach_allowlist import print_tags"},{"symbol":"print_attrs","correct":"from bleach_allowlist import print_attrs"},{"symbol":"all_styles","correct":"from bleach_allowlist import all_styles"},{"symbol":"standard_styles","correct":"from bleach_allowlist import standard_styles"}],"quickstart":{"code":"import bleach\nfrom bleach_allowlist import print_tags, print_attrs, all_styles\n\nraw_html = '<h1>Hello <script>alert(\"XSS\")</script>World!</h1><p style=\"color: red;\">This is a paragraph.</p><a href=\"javascript:alert(1)\">Click me</a>'\n\n# Bleach requires the css_sanitizer for style attributes\n# You might need to install 'bleach[css]' if you use advanced CSS sanitization.\n# For simple use, passing all_styles works with default bleach setup for allowed styles.\n# Note: bleach itself is deprecated, consider alternatives for new projects.\n\n# If you are using bleach >= 5.0, CSS sanitization is significantly different.\n# You would typically use bleach.css_sanitizer.CSSSanitizer\n# For this example, assuming a version of bleach where `all_styles` can be passed directly\n# or for illustration of values. Always refer to bleach's current documentation.\n\nsanitized_html = bleach.clean(\n    raw_html,\n    tags=print_tags,\n    attributes=print_attrs,\n    styles=all_styles, # Note: For modern bleach, use css_sanitizer=CSSSanitizer(allowed_css_properties=all_styles)\n    strip=True\n)\n\nprint(sanitized_html)","lang":"python","description":"This quickstart demonstrates using `bleach-allowlist` with the `bleach` library to sanitize an HTML string. It imports predefined tag, attribute, and style lists and applies them to `bleach.clean()` for secure content rendering. Note that `bleach` itself has deprecated direct `styles` argument in favor of `css_sanitizer` in recent versions; the example above demonstrates the older usage for `styles` or illustrates the values provided."},"warnings":[{"fix":"For new projects, consider alternative HTML sanitization libraries. If you must use `bleach`, be aware of its maintenance status. No direct fix for `bleach-allowlist`, as it's a data provider.","message":"The upstream `bleach` library, which `bleach-allowlist` depends on, has been deprecated since January 2023. While `bleach-allowlist` itself provides static lists and is not deprecated, its utility is tied directly to `bleach`.","severity":"breaking","affected_versions":"All versions of `bleach-allowlist` are affected by the deprecation of `bleach`."},{"fix":"Ensure you are installing and importing from `bleach-allowlist`.","message":"The project was originally released under the name `bleach-whitelist` and subsequently renamed to `bleach-allowlist`. The `bleach-whitelist` package is deprecated and will not receive updates.","severity":"deprecated","affected_versions":"< 1.0.0 (`bleach-whitelist` package)"},{"fix":"If using `bleach-allowlist`'s `all_styles` or `standard_styles` with modern `bleach`, you must adapt your `bleach.clean` call. Instead of `styles=all_styles`, use `from bleach.css_sanitizer import CSSSanitizer; css_sanitizer=CSSSanitizer(allowed_css_properties=all_styles)`.","message":"The `bleach` library, particularly in versions 5.0.0 and above, introduced significant breaking changes related to CSS sanitization. The `styles` argument to `bleach.clean` was removed and replaced with a `css_sanitizer` argument that expects an instance of `bleach.css_sanitizer.CSSSanitizer`.","severity":"breaking","affected_versions":"`bleach` >= 5.0.0"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"The package was renamed. Install `bleach-allowlist` and update your imports from `bleach_whitelist` to `bleach_allowlist`.","cause":"Attempting to import from the old, deprecated package name `bleach-whitelist`.","error":"ModuleNotFoundError: No module named 'bleach_whitelist'"},{"fix":"Upgrade your `bleach.clean` call. Instead of passing `styles=...`, import `CSSSanitizer` from `bleach.css_sanitizer` and pass an instance: `css_sanitizer=CSSSanitizer(allowed_css_properties=your_style_list)`.","cause":"This error occurs when using `bleach.clean()` with the `styles` keyword argument in `bleach` versions 5.0.0 or later. The API changed to use a `css_sanitizer` object instead.","error":"TypeError: clean() got an unexpected keyword argument 'styles'"}]}