Reply sanitizer: cap raw input, auto-close open tags (no severed HTML)
Per Codex: slicing the SANITIZED html with [:8000] could cut through a tag or entity. Cap the RAW editor HTML (20k) before sanitizing instead, and have sanitize_reply_html auto-close any still-open allowed tags so malformed input can never leave a dangling/severed tag in message_html or the email body. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -118,6 +118,11 @@ def sanitize_reply_html(raw: str) -> str:
|
||||
p = _Sanitizer()
|
||||
p.feed(raw)
|
||||
p.close()
|
||||
# Close any still-open allowed tags (malformed input → never emit a dangling
|
||||
# or severed tag into stored HTML / the email body).
|
||||
for canon in reversed(p.open):
|
||||
if canon:
|
||||
p.out.append(f"</{canon}>")
|
||||
html = "".join(p.out)
|
||||
# If nothing but markup/whitespace survived, treat as empty.
|
||||
if not re.sub(r"<[^>]+>", "", html).strip():
|
||||
|
||||
Reference in New Issue
Block a user