Switch to ammonia #26

Open
baseplate-admin opened this issue Apr 24, 2023 · 4 comments

Comments

@baseplate-admin

baseplate-admin commented Apr 24, 2023

Hi,

Since bleach is deprecated, I think it's better if we switch to nh3.

Apologies, I am not familiar with how bleach integrates with django-markdownfield.

@benjaoming
Collaborator

@baseplate-admin We had a conversation in django-wiki about the same thing. We chose to just park the decision for now since Bleach is still under limited maintenance, and we could just wait and see what happens. The conversation is 3 months old now, so would be curious to hear from others.

Do you think that nh3 is showing signs of being a long-term project?

@baseplate-admin
Author

baseplate-admin commented Apr 24, 2023

> We chose to just park the decision for now since Bleach is still under limited maintenance, and we could just wait and see what happens.

Ah, I see, so I am not the first guy who was worried to see bleach in maintenance.


Back to topic.

Taking a quick look at nh3, it's built on ammonia, which itself is dependent on html5ever, which afaik parses the same way Firefox parses HTML.

> Do you think that nh3 is showing signs of being a long-term project?

Apologies, I can't answer this question with certainty (perhaps @messense would be kind enough to answer this | How he plans to maintain the nh3 project), but to me nh3 looks like a solid project that lacks adoption :)

@dmptrluke
Owner

I would lean towards whatever has the strongest security foundations - though future maintenance is obviously important too.

As nh3 is a binding for a Rust library, we would also want to make sure it's easy to build cross-platform - or has a good supply of pre-built wheels for common Python versions/operating systems.

@baseplate-admin
Author

baseplate-admin commented Apr 25, 2023

> I would lean towards whatever has the strongest security foundations - though future maintenance is obviously important too.

The Servo project is used in Mozilla. So we can expect strong security and quick patches.

> As nh3 is a binding for a Rust library, we would also want to make sure it's easy to build cross-platform - or has a good supply of pre-built wheels for common Python versions/operating systems.

At this point it looks like it has a good supply of pre-built wheels for Python up to version 3.11.


It also seems that the maintainer is super friendly to users migrating from bleach.

See: messense/nh3#10
