Reply sanitizer: cap raw input, auto-close open tags (no severed HTML)

Per Codex: slicing the SANITIZED html with [:8000] could cut through a tag or
entity. Cap the RAW editor HTML (20k) before sanitizing instead, and have
sanitize_reply_html auto-close any still-open allowed tags so malformed input
can never leave a dangling/severed tag in message_html or the email body.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
jay
2026-06-09 09:22:41 -04:00
parent a5cea7cd74
commit ba92c0a04b
3 changed files with 18 additions and 2 deletions
+10
View File
@@ -41,3 +41,13 @@ def test_html_to_text():
assert t2("<p>hi <strong>there</strong></p>") == "hi there"
assert t2("<ul><li>a</li><li>b</li></ul>") == "- a\n- b"
assert t2('<span style="font-size:18px">big</span>') == "big"
def test_autocloses_unclosed_tags():
assert s("<strong>bold") == "<strong>bold</strong>"
assert s("<p>hi") == "<p>hi</p>"
assert s("<ul><li>a</li>") == "<ul><li>a</li></ul>" # unclosed <ul> gets closed
assert s('<span style="font-size:18px">big') == '<span style="font-size:18px">big</span>'
# pathological input still never leaves a dangling open tag (balanced output)
out = s("<strong><em>x")
assert out == "<strong><em>x</em></strong>"