From 5b8b8ae597cb5971b469923770e614b7fef30210 Mon Sep 17 00:00:00 2001
From: Simon Willison <swillison@gmail.com>
Date: Tue, 29 Sep 2020 12:16:30 -0700
Subject: [PATCH] Handle \r\n correctly in CSS escapes, refs #980

---
 datasette/utils/__init__.py | 5 ++++-
 tests/test_utils.py         | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/datasette/utils/__init__.py b/datasette/utils/__init__.py
index c2578677..0c310f6a 100644
--- a/datasette/utils/__init__.py
+++ b/datasette/utils/__init__.py
@@ -271,7 +271,10 @@ _boring_keyword_re = re.compile(r"^[a-zA-Z_][a-zA-Z0-9_]*$")
 
 
 def escape_css_string(s):
-    return _css_re.sub(lambda m: "\\" + ("{:X}".format(ord(m.group())).zfill(6)), s)
+    return _css_re.sub(
+        lambda m: "\\" + ("{:X}".format(ord(m.group())).zfill(6)),
+        s.replace("\r\n", "\n"),
+    )
 
 
 def escape_sqlite(s):
diff --git a/tests/test_utils.py b/tests/test_utils.py
index 9f666386..c244a6f4 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -425,6 +425,7 @@ def test_escape_fts(query, expected):
     [
         ("dog", "dog"),
         ('dateutil_parse("1/2/2020")', r"dateutil_parse(\0000221/2/2020\000022)"),
+        ("this\r\nand\r\nthat", r"this\00000Aand\00000Athat"),
     ],
 )
 def test_escape_css_string(input, expected):