Reply sanitizer: cap raw input, auto-close open tags (no severed HTML)
Per Codex: slicing the SANITIZED html with [:8000] could cut through a tag or entity. Cap the RAW editor HTML (20k) before sanitizing instead, and have sanitize_reply_html auto-close any still-open allowed tags so malformed input can never leave a dangling/severed tag in message_html or the email body. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
+3
-2
@@ -843,8 +843,9 @@ def create_app() -> FastAPI:
|
||||
|
||||
@app.post("/api/admin/feedback/{fid}/reply")
|
||||
def admin_feedback_reply(fid: int, body: FeedbackReplyBody, request: Request) -> dict:
|
||||
# Sanitize the editor HTML to our allowlist; derive the plain-text fallback.
|
||||
reply_html = sanitize_reply_html(body.html)[:8000]
|
||||
# Cap the RAW editor HTML first (slicing sanitized output could sever a
|
||||
# tag), then sanitize the whole thing.
|
||||
reply_html = sanitize_reply_html((body.html or "")[:20000])
|
||||
reply_text = reply_html_to_text(reply_html)
|
||||
if not reply_text:
|
||||
raise HTTPException(status_code=422, detail="Reply message is required.")
|
||||
|
||||
Reference in New Issue
Block a user