diff --git a/lms/djangoapps/discussion/rest_api/render.py b/lms/djangoapps/discussion/rest_api/render.py
index fb302423c8..44e2d8b692 100644
--- a/lms/djangoapps/discussion/rest_api/render.py
+++ b/lms/djangoapps/discussion/rest_api/render.py
@@ -7,11 +7,11 @@ implemented in Markdown.Sanitizer.js.
 import bleach
 import markdown
-ALLOWED_TAGS = bleach.ALLOWED_TAGS + [
+ALLOWED_TAGS = bleach.ALLOWED_TAGS | {
 'br', 'dd', 'del', 'dl', 'dt', 'h1', 'h2', 'h3', 'h4', 'hr', 'img', 'kbd', 'p', 'pre', 's', 'strike', 'sub', 'sup'
-]
-ALLOWED_PROTOCOLS = ["http", "https", "ftp", "mailto"]
+}
+ALLOWED_PROTOCOLS = {"http", "https", "ftp", "mailto"}
 ALLOWED_ATTRIBUTES = {
 "a": ["href", "title", "target", "rel"],
 "img": ["src", "alt", "title", "width", "height"],
diff --git a/lms/templates/courseware/progress_graph.js b/lms/templates/courseware/progress_graph.js
index d2a10e511f..5a1d64c36e 100644
--- a/lms/templates/courseware/progress_graph.js
+++ b/lms/templates/courseware/progress_graph.js
@@ -74,7 +74,7 @@ $(function () {
 ## allowing the display of such images, and remove any previously stored HTML
 ## to prevent ugly HTML from being shown to learners.
 ## xss-lint: disable=javascript-jquery-append
- ticks.append( [tickIndex, bleach.clean(section['label'], tags=[], strip=True)] )
+ ticks.append( [tickIndex, bleach.clean(section['label'], tags=set(), strip=True)] )
 if section['category'] in detail_tooltips:
 ## xss-lint: disable=javascript-jquery-append
diff --git a/openedx/core/djangolib/markup.py b/openedx/core/djangolib/markup.py
index 8dd5e3699e..3009f1d53f 100644
--- a/openedx/core/djangolib/markup.py
+++ b/openedx/core/djangolib/markup.py
@@ -53,7 +53,7 @@ def strip_all_tags_but_br(string_to_strip):
 string_to_strip = ""
 string_to_strip = decode.utf8(string_to_strip)
- string_to_strip = bleach.clean(string_to_strip, tags=['br'], strip=True)
+ string_to_strip = bleach.clean(string_to_strip, tags={'br'}, strip=True)
 return HTML(string_to_strip)
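Review bot: `ALLOWED_TAGS` and `ALLOWED_PROTOCOLS` change type from list to set in this hunk, which is what bleach 6's frozenset constants require, but it is a silent interface change for any other module that imports these names and extends them with `+` or relies on ordering; such a caller now raises `TypeError`, so the importers of render.py should be checked in the same commit. The same list-to-set move appears in the `sanitize_html` hunk of xmodule/capa/util.py. A one-line comment above the assignment would save the next reader the archaeology, e.g. `# bleach>=6 exposes ALLOWED_TAGS/ALLOWED_PROTOCOLS as frozensets; extend with set union, not list concatenation.` `ALLOWED_ATTRIBUTES` keeps list values, which bleach accepts, so the effective allow-list is unchanged by this hunk.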
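Review bot: `bleach.clean(section['label'], tags=set(), strip=True)` strips markup and HTML-escapes what remains, but it does not JavaScript-escape the value, and the result is appended to `ticks`, which the surrounding template hands to JavaScript; the `xss-lint: disable` on the line above suggests the escaping happens where `ticks` is serialized, but that code is outside the hunk, so confirm the array passes through a JS-escaping helper rather than plain string interpolation. The enclosing `$(function () {` block starts and ends outside the hunk.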
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index f3a3cbda55..da0f29e424 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -75,7 +75,3 @@ pyopenssl==22.0.0
 cryptography==38.0.4 # greater version has some issues with openssl.
-
-# These two constraints will be removed in this PR: https://github.com/openedx/edx-platform/pull/31678
-bleach[css]==5.0.1 # greater version has some breaking changes.
-openedx-django-wiki<2.0.0 # greater version needs bleech >6.0.0
diff --git a/xmodule/capa/util.py b/xmodule/capa/util.py
index 66e7b12390..ada0818a39 100644
--- a/xmodule/capa/util.py
+++ b/xmodule/capa/util.py
@@ -191,8 +191,8 @@ def sanitize_html(html_code):
 })
 output = bleach.clean(
 html_code,
- protocols=bleach.ALLOWED_PROTOCOLS + ['data'],
- tags=bleach.ALLOWED_TAGS + ['div', 'p', 'audio', 'pre', 'img', 'span'],
+ protocols=bleach.ALLOWED_PROTOCOLS | {'data'},
+ tags=bleach.ALLOWED_TAGS | {'div', 'p', 'audio', 'pre', 'img', 'span'},
 css_sanitizer=CSSSanitizer(allowed_css_properties=["white-space"]),
 attributes=attributes
 )
@@ -216,12 +216,12 @@ def remove_markup(html):
 """
 Return html with markup stripped and text HTML-escaped.
- >>> bleach.clean("Rock & Roll", tags=[], strip=True)
+ >>> bleach.clean("Rock & Roll", tags=set(), strip=True)
 'Rock & Roll'
- >>> bleach.clean("Rock & Roll", tags=[], strip=True)
+ >>> bleach.clean("Rock & Roll", tags=set(), strip=True)
 'Rock & Roll'
 """
- return HTML(bleach.clean(html, tags=[], strip=True))
+ return HTML(bleach.clean(html, tags=set(), strip=True))
 def get_course_id_from_capa_block(capa_block):
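Review bot: `css_sanitizer=CSSSanitizer(...)` on the context line of the `sanitize_html` hunk needs bleach's `css` extra (it pulls in tinycss2), and the constraint dropped in this commit, `bleach[css]==5.0.1` in requirements/constraints.txt, is the only place on this page that spells that extra; confirm the remaining base requirement still requests `bleach[css]`, otherwise the `CSSSanitizer` import fails at runtime instead of at pin time. The set-union rewrite of `protocols` and `tags` is equivalent to the old concatenation, and the pre-existing allowance of the `data` protocol is not changed by this hunk, though it remains the part of this allow-list to re-check whenever the tag set grows. `sanitize_html` starts outside the hunk.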