[WEB-4806] chore: updated html attribute validation #7719

2025-10-16 12:45:33 +00:00 · 2025-09-04 13:52:43 +05:30 · 2025-09-04 13:52:43 +05:30 · c40c7804e7
commit c40c7804e7
parent cab5d20217
1 changed files with 44 additions and 40 deletions
--- a/apps/api/plane/utils/content_validator.py
+++ b/apps/api/plane/utils/content_validator.py
@ -67,20 +67,9 @@ def validate_binary_data(data):
 # Combine custom components and editor-specific nodes into a single set of tags
 CUSTOM_TAGS = {
    # editor node/tag names
-    "imageComponent",
-    "image",
-    "mention",
-    "link",
-    "customColor",
-    "emoji",
-    "tableHeader",
-    "tableCell",
-    "tableRow",
-    "codeBlock",
-    "code",
-    "horizontalRule",
-    "calloutComponent",
-    # component-style tag used by editor embeds
+    "mention-component",
+    "label",
+    "input",
    "image-component",
 }
 ALLOWED_TAGS = nh3.ALLOWED_TAGS | CUSTOM_TAGS
@ -102,49 +91,64 @@ ATTRIBUTES = {
        "data-node-type",
        "data-type",
        "data-checked",
-        "data-background",
+        "data-background-color",
        "data-text-color",
+        "data-name",
+        # callout attributes
        "data-icon-name",
        "data-icon-color",
-        "data-background-color",
+        "data-background",
        "data-emoji-unicode",
        "data-emoji-url",
        "data-logo-in-use",
        "data-block-type",
-        "data-name",
-        "data-entity-id",
-        "data-entity-group-id",
    },
    "a": {"href", "target"},
    # editor node/tag attributes
-    "imageComponent": {"id", "width", "height", "aspectRatio", "src", "alignment"},
-    "image": {"width", "height", "aspectRatio", "alignment", "src", "alt", "title"},
-    "mention": {"id", "entity_identifier", "entity_name"},
-    "link": {"href", "target"},
-    "customColor": {"color", "backgroundColor"},
-    "emoji": {"name"},
-    "tableHeader": {"colspan", "rowspan", "colwidth", "background", "hideContent"},
-    "tableCell": {
+    "image-component": {
+        "id",
+        "width",
+        "height",
+        "aspectRatio",
+        "aspectratio",
+        "src",
+        "alignment",
+    },
+    "img": {
+        "width",
+        "height",
+        "aspectRatio",
+        "aspectratio",
+        "alignment",
+        "src",
+        "alt",
+        "title",
+    },
+    "mention-component": {"id", "entity_identifier", "entity_name"},
+    "th": {
+        "colspan",
+        "rowspan",
+        "colwidth",
+        "background",
+        "hideContent",
+        "hidecontent",
+        "style",
+    },
+    "td": {
        "colspan",
        "rowspan",
        "colwidth",
        "background",
        "textColor",
+        "textcolor",
        "hideContent",
+        "hidecontent",
+        "style",
    },
-    "tableRow": {"background", "textColor"},
-    "codeBlock": {"language"},
-    "calloutComponent": {
-        "data-icon-color",
-        "data-icon-name",
-        "data-emoji-unicode",
-        "data-emoji-url",
-        "data-logo-in-use",
-        "data-background",
-        "data-block-type",
-    },
-    # image-component (from editor extension and seeds)
-    "image-component": {"src", "id", "width", "height", "aspectratio", "alignment"},
+    "tr": {"background", "textColor", "textcolor", "style"},
+    "pre": {"language"},
+    "code": {"language", "spellcheck"},
+    "input": {"type", "checked"},
 }

 SAFE_PROTOCOLS = {"http", "https", "mailto", "tel"}