[WEB-4780] chore: changed the html validation (#7648)

* chore: changed the html validation * chore: added requirements for nh3 * chore: removed the json validations
2025-08-27 00:38:25 +05:30 · 2025-08-27 00:38:25 +05:30 · 0af75897f5
commit 0af75897f5
parent 3602ff6930
10 changed files with 91 additions and 366 deletions
--- a/apps/api/plane/app/serializers/draft.py
+++ b/apps/api/plane/app/serializers/draft.py
@ -23,7 +23,6 @@ from plane.db.models import (
 )
 from plane.utils.content_validator import (
    validate_html_content,
-    validate_json_content,
    validate_binary_data,
 )
 from plane.app.permissions import ROLE
@ -76,20 +75,24 @@ class DraftIssueCreateSerializer(BaseSerializer):
            raise serializers.ValidationError("Start date cannot exceed target date")

        # Validate description content for security
-        if "description" in attrs and attrs["description"]:
-            is_valid, error_msg = validate_json_content(attrs["description"])
-            if not is_valid:
-                raise serializers.ValidationError({"description": error_msg})
-
        if "description_html" in attrs and attrs["description_html"]:
-            is_valid, error_msg = validate_html_content(attrs["description_html"])
+            is_valid, error_msg, sanitized_html = validate_html_content(
+                attrs["description_html"]
+            )
            if not is_valid:
-                raise serializers.ValidationError({"description_html": error_msg})
+                raise serializers.ValidationError(
+                    {"error": "html content is not valid"}
+                )
+            # Update the attrs with sanitized HTML if available
+            if sanitized_html is not None:
+                attrs["description_html"] = sanitized_html

        if "description_binary" in attrs and attrs["description_binary"]:
            is_valid, error_msg = validate_binary_data(attrs["description_binary"])
            if not is_valid:
-                raise serializers.ValidationError({"description_binary": error_msg})
+                raise serializers.ValidationError(
+                    {"description_binary": "Invalid binary data"}
+                )

        # Validate assignees are from project
        if attrs.get("assignee_ids", []):