Repoze.bitblt

Latest version: v0.9

Safety actively analyzes 688007 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 2

0.9

~~~~~~~~~~~~~~~~~~~~~~~~~

- Maintain embedded ICC Profiles in images. Requires PIL 1.1.7 or later.

- Add simplistic cache implementation. [damien]

- Remove paragraph in readme which mentions the try_xhtml option. It's now a
no-op. [jinty]

- Use PATH_INFO directly to avoid blowing up on non UTF-8 paths.

0.8

~~~~~~~~~~~~~~~~~~~~~~~~~

The major change in the 0.8 release was a rewrite of the <img> tag search and
replace to use regexs rather than lxml. It was proving too hard to prevent lxml
from mangling low quality HTML in nasty ways. The new regex based
search/replace takes a lot of care to only modify what is necessary.

Side effects of this change are a reduction of dependencies and theoretically
better performance.

- Work with unclosed <img> tags (HTML4). [jinty]

- Re-write rewrite_image_tags to use regular expressions to find/mangle img
tags. As well aas removing the dependency on lxml this prevents a whole
class of bugs where lxml was changing the HTML source too much, see
http://bugs.repoze.org/issue103. Backwards compatibility for the
'ImageTransformationMiddleware' class was preserved by leaving the try_xhtml
argument in place. It is now a no-op.
[jinty]

- Make sure resizing preserves GIF transparency.
http://bugs.repoze.org/issue115
[jinty]

- Fix bug where <![CDATA[ escaped sections would be quoted and the CDATA
stripped. This causes foulups when quoting Javascript.
[jinty]

- Properly rewrite <img> tags with pixel (e.g. height="100px") attributes,
previously the url generated missed the regex resulting in broken images.
[jinty]

- Don't rewrite <img> tags with percentage sizes, only the browser knows
how big the images should be. See http://www.w3.org/TR/html4/types.htmlh-6.6.
[jinty]

- Use ``unicode_body`` all over to ensure correct
encoding. [jinty]

- Fixed bug where the leading slash of an absolute URL without the
FQDN would be wrongly removed. [damien]

- Fixed bug where the quality-parameter would not be coerced to
integer, required by PIL. [damien]

- Compatibility with Python 2.4. [malthe]

0.7

~~~~~~~~~~~~~~~~~~~~~~~~~

- Don't use python 2.6 syntax.
[seletz]

- Handle empty content bodies, which can occure for redirects.
[fschulze]

- Added support for xhtml, which allows the inclusion of namespace tags.
[fschulze]

- Added option to limit the url rewriting to urls below the application url.
[fschulze]

- Added scaling filter support.
[fschulze]

- Support image tags with only one of the width or height attributes set.
[fschulze]

- Fix UnboundLocalError for respones with untransformed image.
[fschulze]

- Fix importing of PIL. The old way assumed the broken egg installation.
[fschulze]

- Made tests run.
[fschulze]

0.6

~~~~~~~~~~~~~~~~~~~~~~~~~

- Require to pass in a ``secret`` parameter to configure middleware
security. [malthe]

0.5

~~~~~~~~~~~~~~~~~~~~~~~~~

- Rewritten URLs are now signed by the middleware to ensure that
bitblt requests are only crafted by the middleware. This is required
to shield against DoS attacks. [malthe]

0.4

~~~~~~~~~~~~~~~~~~~~~~~~~

- Fixed path handling. [malthe]

- Added HTML document processing which scans document for image tags
and rewrite image ``src`` attribute to include "bitblt" traversing
directive. This makes it work as an actual middleware, since the
application semantics are then unchanged. [malthe]

- No longer accept query parameters, but instead require traversing
directive "/bitblt-<width>x<height>". [malthe]

- Removed functionality to MIME-type convert. [malthe]

Page 1 of 2

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.