[WEB-4780] chore: changed the html validation (#7648)

* chore: changed the html validation * chore: added requirements for nh3 * chore: removed the json validations
2025-08-27 00:38:25 +05:30 · 2025-08-27 00:38:25 +05:30 · 0af75897f5
commit 0af75897f5
parent 3602ff6930
10 changed files with 91 additions and 366 deletions
--- a/apps/api/plane/app/serializers/project.py
+++ b/apps/api/plane/app/serializers/project.py
@ -15,7 +15,6 @@ from plane.db.models import (
 )
 from plane.utils.content_validator import (
    validate_html_content,
-    validate_json_content,
    validate_binary_data,
 )

@ -65,27 +64,18 @@ class ProjectSerializer(BaseSerializer):

    def validate(self, data):
        # Validate description content for security
-        if "description" in data and data["description"]:
-            # For Project, description might be text field, not JSON
-            if isinstance(data["description"], dict):
-                is_valid, error_msg = validate_json_content(data["description"])
-                if not is_valid:
-                    raise serializers.ValidationError({"description": error_msg})
-
-        if "description_text" in data and data["description_text"]:
-            is_valid, error_msg = validate_json_content(data["description_text"])
-            if not is_valid:
-                raise serializers.ValidationError({"description_text": error_msg})
-
        if "description_html" in data and data["description_html"]:
-            if isinstance(data["description_html"], dict):
-                is_valid, error_msg = validate_json_content(data["description_html"])
-            else:
-                is_valid, error_msg = validate_html_content(
-                    str(data["description_html"])
-                )
+            is_valid, error_msg, sanitized_html = validate_html_content(
+                str(data["description_html"])
+            )
+            # Update the data with sanitized HTML if available
+            if sanitized_html is not None:
+                data["description_html"] = sanitized_html
+
            if not is_valid:
-                raise serializers.ValidationError({"description_html": error_msg})
+                raise serializers.ValidationError(
+                    {"error": "html content is not valid"}
+                )

        return data