Skip to content

Add markupsafe.Markup XSS plugin #1225

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 4, 2025
Merged

Add markupsafe.Markup XSS plugin #1225

merged 2 commits into from
Feb 4, 2025

Conversation

Daverball
Copy link
Contributor

Closes #1067

This adds a plugin matching the existing Ruff lint RUF035, including its two settings.

@Daverball
Copy link
Contributor Author

On an unrelated note: I've noticed that a lot of the call-related methods on Context (especially the ones for inspecting arguments) are completely broken. They're not used anywhere and their unit tests are heavily mocked. I'd suggest getting rid of them, since they only serve as pitfalls right now. If you want to keep them I would encourage you to switch to more representative tests using ast.parse.

ericwb
ericwb reviewed Jan 28, 2025
View reviewed changes
@Daverball @ericwb
Apply suggestions from code review
c36e685 
Co-authored-by: Eric Brown <ericwb@users.noreply.github.com>
@ericwb ericwb merged commit 5e3e694 into PyCQA:main Feb 4, 2025
14 checks passed
@Daverball Daverball deleted the feat/markupsafe-xss branch February 5, 2025 07:00
@Daverball Daverball mentioned this pull request Feb 5, 2025
Merged
MichaReiser added a commit to astral-sh/ruff that referenced this pull request Mar 11, 2025
@Daverball @MichaReiser
[flake8-bandit] Move unsafe-markup-use from RUF035 to S704 (#…
2ae5344 
…15957)

## Summary

`RUF035` has been backported into bandit as `S704` in this
[PR](PyCQA/bandit#1225)

This moves the rule and its corresponding setting to the `flake8-bandit`
category

## Test Plan

`cargo nextest run`

---------

Co-authored-by: Micha Reiser <micha@reiser.io>
@MichaReiser MichaReiser mentioned this pull request Mar 12, 2025
Merged
MichaReiser added a commit to astral-sh/ruff that referenced this pull request Mar 13, 2025
@Daverball @MichaReiser
[flake8-bandit] Move unsafe-markup-use from RUF035 to S704 (#…
dbde8d8 
…15957)

## Summary

`RUF035` has been backported into bandit as `S704` in this
[PR](PyCQA/bandit#1225)

This moves the rule and its corresponding setting to the `flake8-bandit`
category

## Test Plan

`cargo nextest run`

---------

Co-authored-by: Micha Reiser <micha@reiser.io>
MichaReiser added a commit to astral-sh/ruff that referenced this pull request Mar 13, 2025
@Daverball @MichaReiser
[flake8-bandit] Move unsafe-markup-use from RUF035 to S704 (#…
c0b1413 
…15957)

## Summary

`RUF035` has been backported into bandit as `S704` in this
[PR](PyCQA/bandit#1225)

This moves the rule and its corresponding setting to the `flake8-bandit`
category

## Test Plan

`cargo nextest run`

---------

Co-authored-by: Micha Reiser <micha@reiser.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sigmavirus24 sigmavirus24 sigmavirus24 approved these changes

@ericwb ericwb ericwb approved these changes

@lukehinds lukehinds Awaiting requested review from lukehinds lukehinds is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Flag markupsafe.Markup on non-literal content
3 participants
@Daverball @sigmavirus24 @ericwb