takahe.social
@bewresu just a gut feeling or has there been an announcement?
Fabian 
@fabian@takahe.social
(testing)
@takahe Yeah, there is probably a fix. I'm just too lazy to set up a dev env right now. But it seems at least it's not as easy as a „five char fix“ (`|safe`) *shrug*
…aaaand I broke it ;)
Custom CSS does not work when using quotes, e.g. in `font-family: "Foo Bar"`. Django escapes too aggressively.
2012 post on #StackOverflow says: “Use |striptags|safe”
Current #Django docs say: “Warning: Never use |striptags|safe — use bleach.clean()”
Bleach docs: “clean() is not safe to use in CSS context.”
🐇 rabbit hole
(Just not using quotes in CSS works ;)
Edited 69d ago
the default avatar is *almost* to nice to replace it. — actually, i just can’t find yet another profile pic right now. hey 👋