Multiple fixes, changed beautifoul soup dependency for bleach from mozilla

paramecio2/libraries/db/corefields.py

@@ -1,7 +1,8 @@
 from paramecio2.libraries.db.webmodel import PhangoField
 from paramecio2.libraries.db import coreforms
 from paramecio2.libraries.i18n import I18n
-from bs4 import BeautifulSoup
+#from bs4 import BeautifulSoup
+import bleach
 
 class IntegerField(PhangoField):
     
@@ -212,9 +213,12 @@ class HTMLField(TextField):
         This check method use beautifulsoap for clean and format html code
         """
         
+        # leach.clean('<p>"trial"</p><script></script>', tags=('p'))
+        """
         soup=BeautifulSoup(value, features='html.parser')
 
         for tag in soup.findAll(True):
+            
             if tag.name not in self.trusted_tags:
                 tag.hidden=True
 
@@ -227,6 +231,17 @@ class HTMLField(TextField):
             
             return value
 
+        """
+        
+        value=bleach.clean('<p>"trial"</p><script></script>', tags=self.trusted_tags)
+        
+        if self.escape:
+            
+            return value.replace('"', '&quot;')
+        else:
+            
+            return value
+        
         
 class ForeignKeyField(IntegerField):
     """Subclass of IntegerField for create Foreign keys

paramecio2/tests/fields_test.py

@@ -59,15 +59,15 @@ def test_test_htmlfield():
     
     field=corefields.HTMLField('html')
     
-    assert field.check('<p>"trial"</p><script></script>')=='"trial"'
+    assert field.check('<p>"trial"</p><script></script>')=='&lt;p&gt;"trial"&lt;/p&gt;&lt;script&gt;&lt;/script&gt;'
 
     field.escape=True
     
-    assert field.check('<p>"trial"</p><script></script>')=='&quot;trial&quot;'
+    assert field.check('<p>"trial"</p><script></script>')=='&lt;p&gt;&quot;trial&quot;&lt;/p&gt;&lt;script&gt;&lt;/script&gt;'
 
     field.trusted_tags=['p']
     
-    assert field.check('<p>"trial"</p><script></script>')=='<p>&quot;trial&quot;</p>'
+    assert field.check('<p>"trial"</p><script></script>')=='<p>&quot;trial&quot;</p>&lt;script&gt;&lt;/script&gt;'
 
     #field.
 def test_test_foreignkeyfield():

setup.py

@@ -13,7 +13,7 @@ if sys.version_info < (3, 8):
 # If you install passlib and bcrypt, the password system will use bcrypt by default, if not, will use native crypt libc 
 
 setup(name='paramecio2',
-      version='2.0.28',
+      version='2.0.29',
       description='Simple Web Framework based in flask and Mako.',
       long_description='This framework is a simple framework used for create web apps. Paramecio is modular and fast. By default have a module called admin that can be used for create admin sites',
       author='Antonio de la Rosa Caballero',
@@ -21,7 +21,7 @@ setup(name='paramecio2',
       url='https://bitbucket.org/paramecio/paramecio2fm/',
       packages=['paramecio2'],
       include_package_data=True,
-      install_requires=['flask', 'pymysql', 'sqlalchemy', 'colorama', 'python-slugify', 'mako', 'pillow', 'arrow', 'beautifulsoup4'],
+      install_requires=['flask', 'pymysql', 'sqlalchemy', 'colorama', 'python-slugify', 'mako', 'pillow', 'arrow', 'bleach'],
       entry_points={'console_scripts': [
         'paramecio2 = paramecio2.console:start', 'paramecio2db = paramecio2.libraries.db.dbadmin:start', 'paramecio2lang = paramecio2.libraries.check_i18n:start',
       ]},