chore: added validation for description (#7507)

* added PageBinaryUpdateSerializer for binary data validation and update * chore: added validation for description * chore: removed the duplicated file * Fixed coderabbit comments - Improve content validation by consolidating patterns and enhancing recursion checks - Updated `PageBinaryUpdateSerializer` to simplify assignment of validated data. - Enhanced `content_validator.py` with consolidated dangerous patterns and added recursion depth checks to prevent stack overflow during validation. - Improved readability and maintainability of validation functions by using constants for patterns. --------- Co-authored-by: Dheeraj Kumar Ketireddy <dheeru0198@gmail.com>
2025-07-30 14:19:49 +05:30 · 2025-07-30 14:19:49 +05:30 · 69d5cd183f
commit 69d5cd183f
parent b93883fc14
11 changed files with 613 additions and 16 deletions
--- a/apps/api/plane/app/views/page/base.py
+++ b/apps/api/plane/app/views/page/base.py
@ -25,6 +25,7 @@ from plane.app.serializers import (
    PageSerializer,
    SubPageSerializer,
    PageDetailSerializer,
+    PageBinaryUpdateSerializer,
 )
 from plane.db.models import (
    Page,
@ -538,32 +539,27 @@ class PagesDescriptionViewSet(BaseViewSet):
            {"description_html": page.description_html}, cls=DjangoJSONEncoder
        )

-        # Get the base64 data from the request
-        base64_data = request.data.get("description_binary")
-
-        # If base64 data is provided
-        if base64_data:
-            # Decode the base64 data to bytes
-            new_binary_data = base64.b64decode(base64_data)
-            # capture the page transaction
+        # Use serializer for validation and update
+        serializer = PageBinaryUpdateSerializer(page, data=request.data, partial=True)
+        if serializer.is_valid():
+            # Capture the page transaction
            if request.data.get("description_html"):
                page_transaction.delay(
                    new_value=request.data, old_value=existing_instance, page_id=pk
                )
-            # Store the updated binary data
-            page.description_binary = new_binary_data
-            page.description_html = request.data.get("description_html")
-            page.description = request.data.get("description")
-            page.save()
-            # Return a success response
+
+            # Update the page using serializer
+            updated_page = serializer.save()
+
+            # Run background tasks
            page_version.delay(
-                page_id=page.id,
+                page_id=updated_page.id,
                existing_instance=existing_instance,
                user_id=request.user.id,
            )
            return Response({"message": "Updated successfully"})
        else:
-            return Response({"error": "No binary data provided"})
+            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)


 class PageDuplicateEndpoint(BaseAPIView):