Sanitize RSS feed to remove control characters (#565)

2025-08-07 02:48:27 +02:00 · 2023-10-27 19:59:06 +02:00
parent 314e4a9b74
commit de328c78e2
2 changed files with 18 additions and 3 deletions
--- a/bookmarks/tests/test_feeds.py
+++ b/bookmarks/tests/test_feeds.py
@@ -104,6 +104,14 @@ class FeedsTestCase(TestCase, BookmarkFactoryMixin):

        self.assertContains(response, '<item>', count=0)

+    def test_strip_control_characters(self):
+        self.setup_bookmark(title='test\n\r\t\0\x08title', description='test\n\r\t\0\x08description')
+        response = self.client.get(reverse('bookmarks:feeds.all', args=[self.token.key]))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, '<item>', count=1)
+        self.assertContains(response, f'<title>test\n\r\ttitle</title>', count=1)
+        self.assertContains(response, f'<description>test\n\r\tdescription</description>', count=1)
+
    def test_unread_returns_404_for_unknown_feed_token(self):
        response = self.client.get(reverse('bookmarks:feeds.unread', args=['foo']))