[rpms/python-html5lib] rawhide: Backport patches to allow updating bleach

[rpms/python-html5lib] rawhide: Backport patches to allow updating bleach

[Lumir Balhar]

A new commit has been pushed.

Repo   : rpms/python-html5lib
Branch : rawhide
Commit : a625b77d543602beed1f9c4c5b718fa9f991730a
Author : Lumir Balhar <lbalhar@redhat.com>
Date   : 2026-06-16T11:31:05+02:00
Stats  : +86/-0 in 3 file(s)
URL    : https://src.fedoraproject.org/rpms/python-html5lib/c/a625b77d543602beed1f9c4c5b718fa9f991730a?branch=rawhide

Log:
Backport patches to allow updating bleach

---
diff --git a/formaction_uri.patch b/formaction_uri.patch
new file mode 100644
index 0000000..522b011
--- /dev/null
+++ b/formaction_uri.patch
@@ -0,0 +1,24 @@
+From 7443c80ccba8954ba60ae1866bd2f0221b20d07b Mon Sep 17 00:00:00 2001
+From: Lumir Balhar <lbalhar@redhat.com>
+Date: Tue, 16 Jun 2026 11:29:15 +0200
+Subject: [PATCH] Add formaction to attributes with URI
+
+---
+ html5lib/filters/sanitizer.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/html5lib/filters/sanitizer.py b/html5lib/filters/sanitizer.py
+index 92c88cc..adec1f4 100644
+--- a/html5lib/filters/sanitizer.py
++++ b/html5lib/filters/sanitizer.py
+@@ -534,6 +534,7 @@ attr_val_is_uri = frozenset((
+     (None, 'dynsrc'),
+     (None, 'lowsrc'),
+     (None, 'ping'),
++    (None, 'formaction'),
+     (namespaces['xlink'], 'href'),
+     (namespaces['xml'], 'base'),
+ ))
+-- 
+2.54.0
+

diff --git a/python-html5lib.spec b/python-html5lib.spec
index 81082e7..9921c94 100644
--- a/python-html5lib.spec
+++ b/python-html5lib.spec
@@ -21,6 +21,15 @@ Patch:          %{url}/pull/591.patch
 # Replace pkg resources use, removed from setuptools 82+
 # https://github.com/html5lib/html5lib-python/pull/594 rebased
 Patch:          594.patch
+# Support the <wbr> element
+# Taken from:
+# https://github.com/html5lib/html5lib-python/commit/6ca02445
+# just without the changelog.
+Patch:          wbr_element_support.patch
+# Patch from bleach project fixing a security vulnerability
+# https://github.com/mozilla/bleach/commit/970df58e
+# https://github.com/mozilla/bleach/security/advisories/GHSA-gj48-438w-jh9v
+Patch:          formaction_uri.patch
 
 BuildArch:      noarch
 

diff --git a/wbr_element_support.patch b/wbr_element_support.patch
new file mode 100644
index 0000000..8f55d05
--- /dev/null
+++ b/wbr_element_support.patch
@@ -0,0 +1,53 @@
+From 6ca02445937a6a7c930c262d1325ec15fdb0324a Mon Sep 17 00:00:00 2001
+From: Tom Most <twm@freecog.net>
+Date: Thu, 2 Mar 2023 06:22:38 -0800
+Subject: [PATCH] Support the <wbr> element (#395)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Co-authored-by: Łukasz Langa <lukasz@langa.pl>
+
+diff --git a/html5lib/constants.py b/html5lib/constants.py
+index fe3e237c..11184e0d 100644
+--- a/html5lib/constants.py
++++ b/html5lib/constants.py
+@@ -571,7 +571,8 @@
+     "col",
+     "input",
+     "source",
+-    "track"
++    "track",
++    "wbr",
+ ])
+ 
+ cdataElements = frozenset(['title', 'textarea'])
+diff --git a/html5lib/filters/sanitizer.py b/html5lib/filters/sanitizer.py
+index 684f2172..f7ac8d9b 100644
+--- a/html5lib/filters/sanitizer.py
++++ b/html5lib/filters/sanitizer.py
+@@ -129,6 +129,7 @@
+     (namespaces['html'], 'ul'),
+     (namespaces['html'], 'var'),
+     (namespaces['html'], 'video'),
++    (namespaces['html'], 'wbr'),
+     (namespaces['mathml'], 'maction'),
+     (namespaces['mathml'], 'math'),
+     (namespaces['mathml'], 'merror'),
+diff --git a/html5lib/tests/test_sanitizer.py b/html5lib/tests/test_sanitizer.py
+index 9deed6f5..a6cbd798 100644
+--- a/html5lib/tests/test_sanitizer.py
++++ b/html5lib/tests/test_sanitizer.py
+@@ -55,6 +55,12 @@ def test_data_uri_disallowed_type():
+     assert expected == sanitized
+ 
+ 
++def test_wbr_allowed():
++    sanitized = sanitize_html('<wbr>')
++    expected = '<wbr/>'
++    assert expected == sanitized
++
++
+ def param_sanitizer():
+     for ns, tag_name in sanitizer.allowed_elements:
+         if ns != constants.namespaces["html"]: