Mechanicalsoup

============================

===========

Breaking changes
----------------

* To prevent malicious web servers from reading arbitrary files from the
client, files must now be opened explicitly by the user in order to
upload their contents in form submission. For example, instead of:

browser["upload"] = "/path/to/file"

you would now use:

browser["upload"] = open("/path/to/file", "rb")

This remediates
`CVE-2023-34457 <https://github.com/MechanicalSoup/MechanicalSoup/security/advisories/GHSA-x456-3ccm-m6j4>`__.
Our thanks to e-c-d for reporting and helping to fix the vulnerability!

Main changes
------------

* Added support for Python 3.11.

* Allow submitting a form with no submit element. This can be achieved by
passing ``submit=False`` to ``StatefulBrowser.submit_selected``. Thanks
alexreg!
[`480 <https://github.com/MechanicalSoup/MechanicalSoup/pull/411`__]

===========

Main changes
------------

* Added support for Python 3.10.

* Add support for HTML form-associated elements (i.e. input elements that are
associated with a form by a ``form`` attribute, but are not a child element
of the form.)
[`380 <https://github.com/MechanicalSoup/MechanicalSoup/issues/380>`__]

Bug fixes
---------

* When uploading a file, only the filename is now submitted to the server.
Previously, the full file path was being submitted, which exposed more
local information than users may have been expecting.
[`375 <https://github.com/MechanicalSoup/MechanicalSoup/pull/375>`__]

===========

Main changes
------------

* Dropped support for EOL Python versions: 2.7 and 3.5.

* Increased minimum version requirement for requests from 2.0 to 2.22.0
and beautifulsoup4 from 4.4 to 4.7.

* Use encoding from the HTTP request when no HTML encoding is specified.
[`355 <https://github.com/MechanicalSoup/MechanicalSoup/pull/355>`__]

* Added the ``put`` method to the ``Browser`` class. This is a light wrapper
around ``requests.Session.put``.
[`359 <https://github.com/MechanicalSoup/MechanicalSoup/pull/359>`__]

* Don't override ``Referer`` headers passed in by the user.
[`364 <https://github.com/MechanicalSoup/MechanicalSoup/pull/364>`__]

* ``StatefulBrowser`` methods ``follow_link`` and ``download_link``
now support passing a dictionary of keyword arguments to
``requests``, via ``requests_kwargs``. For symmetry, they also
support passing Beautiful Soup args in as ``bs4_kwargs``, although
any excess ``**kwargs`` are sent to Beautiful Soup as well, just as
they were previously.
[`368 <https://github.com/MechanicalSoup/MechanicalSoup/pull/368>`__]

===========

This is the last release that will support Python 2.7. Thanks to the many
contributors that made this release possible!

Main changes:
-------------

* Added support for Python 3.8 and 3.9.

* ``StatefulBrowser`` has new properties ``page``, ``form``, and ``url``,
which can be used in place of the methods ``get_current_page``,
``get_current_form`` and ``get_url`` respectively (e.g. the new ``x.page``
is equivalent to ``x.get_current_page()``). These methods may be deprecated
in a future release.
[`175 <https://github.com/MechanicalSoup/MechanicalSoup/issues/175>`__]

* ``StatefulBrowser.form`` will raise an ``AttributeError`` instead of
returning ``None`` if no form has been selected yet. Note that
``StatefulBrowser.get_current_form()`` still returns ``None`` for
backward compatibility.

Bug fixes
---------

* Decompose ``<select>`` elements with the same name when adding a new
input element to a form.
[`297 <https://github.com/MechanicalSoup/MechanicalSoup/issues/297>`__]

* The ``params`` and ``data`` kwargs passed to ``submit`` will now properly
be forwarded to the underlying request for GET methods (whereas previously
``params`` was being overwritten by ``data``).
[`343 <https://github.com/MechanicalSoup/MechanicalSoup/pull/343>`__]

============

Main changes:
-------------

* Changes in official python version support: added 3.7 and dropped 3.4.

* Added ability to submit a form without updating ``StatefulBrowser`` internal
state: ``submit_selected(..., update_state=False)``. This means you get a
response from the form submission, but your browser stays on the same page.
Useful for handling forms that result in a file download or open a new tab.

Bug fixes
---------

* Improve handling of form enctype to behave like a real browser.
[`242 <https://github.com/MechanicalSoup/MechanicalSoup/issues/242>`__]

* HTML ``type`` attributes are no longer required to be lowercase.
[`245 <https://github.com/MechanicalSoup/MechanicalSoup/issues/245>`__]

* Form controls with the ``disabled`` attribute will no longer be submitted
to improve compliance with the HTML standard. If you were relying on this
bug to submit disabled elements, you can still achieve this by deleting the
``disabled`` attribute from the element in the :class:`~mechanicalsoup.Form`
object directly.
[`248 <https://github.com/MechanicalSoup/MechanicalSoup/issues/248>`__]

* When a form containing a file input field is submitted without choosing a
file, an empty filename & content will be sent just like in a real browser.
[`250 <https://github.com/MechanicalSoup/MechanicalSoup/issues/250>`__]

* ``<option>`` tags without a ``value`` attribute will now use their text as
the value.
[`252 <https://github.com/MechanicalSoup/MechanicalSoup/pull/252>`__]

* The optional ``url_regex`` argument to ``follow_link`` and ``download_link``
was fixed so that it is no longer ignored.
[`256 <https://github.com/MechanicalSoup/MechanicalSoup/pull/256>`__]

* Allow duplicate submit elements instead of raising a LinkNotFoundError.
[`264 <https://github.com/MechanicalSoup/MechanicalSoup/issues/264>`__]

Our thanks to the many new contributors in this release!