From 08dc7d0f291df602338657a1cb091671c28a4566 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@libreserver.org>
Date: Sun, 27 Feb 2022 11:13:11 +0000
Subject: [PATCH] Remove any markup from theme values

---
 theme.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/theme.py b/theme.py
index a80a12e0b..52000e0c2 100644
--- a/theme.py
+++ b/theme.py
@@ -16,6 +16,7 @@ from utils import copytree
 from utils import acct_dir
 from utils import dangerous_svg
 from utils import local_actor_url
+from utils import remove_html
 from shutil import copyfile
 from shutil import make_archive
 from shutil import unpack_archive
@@ -272,6 +273,7 @@ def _remove_theme(base_dir: str):
 def set_css_param(css: str, param: str, value: str) -> str:
     """Sets a CSS parameter to a given value
     """
+    value = remove_html(value)
     # is this just a simple string replacement?
     if ';' in param:
         return css.replace(param, value)