Do not escape valid characters in custom CSS (#863)

2025-08-09 03:37:54 +02:00 · 2024-09-28 11:17:48 +02:00
parent ebed0c050d
commit 791a5c73ca
10 changed files with 134 additions and 24 deletions
--- a/bookmarks/tests/test_settings_general_view.py
+++ b/bookmarks/tests/test_settings_general_view.py
@@ -1,3 +1,4 @@
+import hashlib
 import random
 from unittest.mock import patch, Mock

@@ -217,6 +218,31 @@ class SettingsGeneralViewTestCase(TestCase, BookmarkFactoryMixin):
        self.assertEqual(self.user.profile.theme, UserProfile.THEME_AUTO)
        self.assertSuccessMessage(html, "Profile updated", count=0)

+    def test_update_profile_updates_custom_css_hash(self):
+        form_data = self.create_profile_form_data(
+            {
+                "custom_css": "body { background-color: #000; }",
+            }
+        )
+        self.client.post(reverse("bookmarks:settings.update"), form_data, follow=True)
+        self.user.profile.refresh_from_db()
+
+        expected_hash = hashlib.md5(form_data["custom_css"].encode("utf-8")).hexdigest()
+        self.assertEqual(expected_hash, self.user.profile.custom_css_hash)
+
+        form_data["custom_css"] = "body { background-color: #fff; }"
+        self.client.post(reverse("bookmarks:settings.update"), form_data, follow=True)
+        self.user.profile.refresh_from_db()
+
+        expected_hash = hashlib.md5(form_data["custom_css"].encode("utf-8")).hexdigest()
+        self.assertEqual(expected_hash, self.user.profile.custom_css_hash)
+
+        form_data["custom_css"] = ""
+        self.client.post(reverse("bookmarks:settings.update"), form_data, follow=True)
+        self.user.profile.refresh_from_db()
+
+        self.assertEqual("", self.user.profile.custom_css_hash)
+
    def test_enable_favicons_should_schedule_icon_update(self):
        with patch.object(
            tasks, "schedule_bookmarks_without_favicons"