From 30cee781702a4354ad1fd44d5e23a74e26d380b1 Mon Sep 17 00:00:00 2001
From: Nikhil <118773738+pablohashescobar@users.noreply.github.com>
Date: Tue, 26 Mar 2024 20:38:25 +0530
Subject: [PATCH] dev: fix api security error (#4072)

---
 apiserver/plane/api/serializers/issue.py | 31 ++++++++++++------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/apiserver/plane/api/serializers/issue.py b/apiserver/plane/api/serializers/issue.py
index b8f194b32..c78b109ef 100644
--- a/apiserver/plane/api/serializers/issue.py
+++ b/apiserver/plane/api/serializers/issue.py
@@ -1,32 +1,33 @@
-from lxml import html
+from django.core.exceptions import ValidationError
+from django.core.validators import URLValidator
 
 # Django imports
 from django.utils import timezone
-from django.core.validators import URLValidator
-from django.core.exceptions import ValidationError
+from lxml import html
 
 # Third party imports
 from rest_framework import serializers
 
 # Module imports
 from plane.db.models import (
-    User,
     Issue,
-    State,
+    IssueActivity,
     IssueAssignee,
-    Label,
+    IssueAttachment,
+    IssueComment,
     IssueLabel,
     IssueLink,
-    IssueComment,
-    IssueAttachment,
-    IssueActivity,
+    Label,
     ProjectMember,
+    State,
+    User,
 )
+
 from .base import BaseSerializer
-from .cycle import CycleSerializer, CycleLiteSerializer
-from .module import ModuleSerializer, ModuleLiteSerializer
-from .user import UserLiteSerializer
+from .cycle import CycleLiteSerializer, CycleSerializer
+from .module import ModuleLiteSerializer, ModuleSerializer
 from .state import StateLiteSerializer
+from .user import UserLiteSerializer
 
 
 class IssueSerializer(BaseSerializer):
@@ -79,7 +80,7 @@ class IssueSerializer(BaseSerializer):
             data["description_html"] = parsed_str
 
         except Exception as e:
-            raise serializers.ValidationError(f"Invalid HTML: {str(e)}")
+            raise serializers.ValidationError("Invalid HTML passed")
 
         # Validate assignees are from project
         if data.get("assignees", []):
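Review bot: Now that the response message is the fixed string "Invalid HTML passed", the `as e` binding on `except Exception as e:` is dead and the parser failure is discarded entirely, so operators lose the only diagnostic for why a description was rejected. Keeping exception text out of the API response is the right call for an untrusted-input boundary, but the detail should still be recorded server-side: either drop the unused name (`except Exception:`) or keep it and log it through the module's logger if one is configured, e.g. `logger.warning("description_html rejected: %s", e)`. Catching `Exception` here also reports any non-parser error from the sanitising code as "invalid HTML", which a server-side log line would at least make visible. The `try` this `except` belongs to, and the enclosing method, start before the hunk. The same point applies to the identical change in the IssueCommentSerializer hunk at `@@ -366,7 +367,7 @@`.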
@@ -294,7 +295,7 @@ class IssueLinkSerializer(BaseSerializer):
             raise serializers.ValidationError("Invalid URL format.")
 
         # Check URL scheme
-        if not value.startswith(('http://', 'https://')):
+        if not value.startswith(("http://", "https://")):
             raise serializers.ValidationError("Invalid URL scheme.")
 
         return value
@@ -366,7 +367,7 @@ class IssueCommentSerializer(BaseSerializer):
             data["comment_html"] = parsed_str
 
         except Exception as e:
-            raise serializers.ValidationError(f"Invalid HTML: {str(e)}")
+            raise serializers.ValidationError("Invalid HTML passed")
 
         return data