diff options
| author |  tobi <31960611+tsmethurst@users.noreply.github.com> | 2022-09-12 13:14:29 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2022-09-12 13:14:29 +0200 |
| commit | b42469e4e06d82a0e458b94379e226257ba3ca6c (patch) | |
| tree | f4df0740ff0378dd4d3691cac4e942ea0a22eb5a /internal/text | |
| parent | [feature] Fetch + display custom emoji in statuses from remote instances (#807) (diff) | |
| download | gotosocial-b42469e4e06d82a0e458b94379e226257ba3ca6c.tar.xz | |
[feature] Allow users to set custom css for their profiles + threads (#808)
* add custom css account property + db func to fetch
* allow account to get/set custom css
* serve custom css for an account
* go fmt
* use monospace for customcss, add link
* add custom css to account cache
* fix broken field
* add custom css docs to user guide
* add `accounts-allow-custom-css` config flag
* add allow custom css to /api/v1/instance response
* only show/set custom css if allowed to do so
* only set/serve custom account css if enabled
* update swagger docs
* chain promise
* make bool a bit clearer
* use cache for GetAccountCustomCSSByUsername
Diffstat (limited to 'internal/text')
| -rw-r--r-- | internal/text/sanitize_test.go | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/internal/text/sanitize_test.go b/internal/text/sanitize_test.go index eea5daadb..727da6f35 100644 --- a/internal/text/sanitize_test.go +++ b/internal/text/sanitize_test.go @@ -94,6 +94,35 @@ func (suite *SanitizeTestSuite) TestSanitizeCaption6() { suite.Equal("hello world", sanitized) } +func (suite *SanitizeTestSuite) TestSanitizeCustomCSS() { + customCSS := `.toot .username { + color: var(--link_fg); + line-height: 2rem; + margin-top: -0.5rem; + align-self: start; + + white-space: nowrap; + overflow: hidden; + text-overflow: ellipsis; +}` + sanitized := text.SanitizePlaintext(customCSS) + suite.Equal(customCSS, sanitized) // should be the same as it was before +} + +func (suite *SanitizeTestSuite) TestSanitizeNaughtyCustomCSS1() { + // try to break out of <style> into <head> and change the document title + customCSS := "</style><title>pee pee poo poo</title><style>" + sanitized := text.SanitizePlaintext(customCSS) + suite.Empty(sanitized) +} + +func (suite *SanitizeTestSuite) TestSanitizeNaughtyCustomCSS2() { + // try to break out of <style> into <head> and change the document title + customCSS := "pee pee poo poo</style><title></title><style>" + sanitized := text.SanitizePlaintext(customCSS) + suite.Equal("pee pee poo poo", sanitized) +} + func TestSanitizeTestSuite(t *testing.T) { suite.Run(t, new(SanitizeTestSuite)) } |