diff --git a/lms/djangoapps/discussion/rest_api/discussions_notifications.py b/lms/djangoapps/discussion/rest_api/discussions_notifications.py index 4e372280ce66..498a05fdb987 100644 --- a/lms/djangoapps/discussion/rest_api/discussions_notifications.py +++ b/lms/djangoapps/discussion/rest_api/discussions_notifications.py @@ -392,7 +392,8 @@ def clean_thread_html_body(html_body): "video", "track", # Video Tags "audio", # Audio Tags "embed", "object", "iframe", # Embedded Content - "script" + "script", + "b", "strong", "i", "em", "u", "s", "strike", "del", "ins", "mark", "sub", "sup", # Text Formatting ] # Remove the specified tags while keeping their content @@ -403,9 +404,10 @@ def clean_thread_html_body(html_body): # Replace tags that are not allowed in email tags_to_update = [ {"source": "button", "target": "span"}, - {"source": "h1", "target": "h4"}, - {"source": "h2", "target": "h4"}, - {"source": "h3", "target": "h4"}, + *[ + {"source": tag, "target": "p"} + for tag in ["div", "section", "article", "h1", "h2", "h3", "h4", "h5", "h6"] + ], ] for tag_dict in tags_to_update: for source_tag in html_body.find_all(tag_dict['source']): @@ -414,4 +416,7 @@ def clean_thread_html_body(html_body): target_tag.string = source_tag.string source_tag.replace_with(target_tag) + for tag in html_body.find_all(True): + tag.attrs = {} + tag['style'] = 'margin: 0' return str(html_body) diff --git a/lms/djangoapps/discussion/rest_api/tests/test_discussions_notifications.py b/lms/djangoapps/discussion/rest_api/tests/test_discussions_notifications.py index d92e1000feb5..0a8d7504161f 100644 --- a/lms/djangoapps/discussion/rest_api/tests/test_discussions_notifications.py +++ b/lms/djangoapps/discussion/rest_api/tests/test_discussions_notifications.py @@ -104,14 +104,14 @@ def test_html_tags_removal(self):

This is a link to a page.

Here is an image: image

Embedded video:

-

Script test:

+

Script test:

Some other content that should remain.

""" - expected_output = ("

This is a link to a page.

" - "

Here is an image:

" - "

Embedded video:

" - "

Script test: alert('hello');

" - "

Some other content that should remain.

") + expected_output = ('

This is a link to a page.

' + '

Here is an image:

' + '

Embedded video:

' + '

Script test: alert("hello");

' + '

Some other content that should remain.

') result = clean_thread_html_body(html_body) @@ -132,19 +132,16 @@ def test_truncate_html_body(self): """ Test that the clean_thread_html_body function truncates the HTML body to 500 characters """ - html_body = """ -

This is a long text that should be truncated to 500 characters.

- """ * 20 # Repeat to exceed 500 characters - - result = clean_thread_html_body(html_body) - self.assertGreaterEqual(500, len(result)) + html_body = "This is a long text that should be truncated to 500 characters." * 20 + result = clean_thread_html_body(f"

{html_body}

") + self.assertGreaterEqual(525, len(result)) # 500 characters + 25 characters for the HTML tags def test_no_tags_to_remove(self): """ Test that the clean_thread_html_body function does not remove any tags if there are no unwanted tags """ html_body = "

This paragraph has no tags to remove.

" - expected_output = "

This paragraph has no tags to remove.

" + expected_output = '

This paragraph has no tags to remove.

' result = clean_thread_html_body(html_body) self.assertEqual(result, expected_output) @@ -169,28 +166,33 @@ def test_only_script_tag(self): result = clean_thread_html_body(html_body) self.assertEqual(result.strip(), expected_output) + def test_tag_replace(self): + """ + Tests if the clean_thread_html_body function replaces tags + """ + for tag in ["div", "section", "article", "h1", "h2", "h3", "h4", "h5", "h6"]: + html_body = f'<{tag}>Text' + result = clean_thread_html_body(html_body) + self.assertEqual(result, '

Text

') + def test_button_tag_replace(self): """ Tests that the clean_thread_html_body function replaces the button tag with span tag """ # Tests for button replacement tag with text html_body = '' - expected_output = 'Button' + expected_output = 'Button' result = clean_thread_html_body(html_body) self.assertEqual(result, expected_output) # Tests button tag replacement without text html_body = '' - expected_output = '' + expected_output = '' result = clean_thread_html_body(html_body) self.assertEqual(result, expected_output) - def test_heading_tag_replace(self): - """ - Tests that the clean_thread_html_body function replaces the h1, h2 and h3 tags with h4 tag - """ - for tag in ['h1', 'h2', 'h3']: - html_body = f'<{tag}>Heading' - expected_output = '

Heading

' - result = clean_thread_html_body(html_body) - self.assertEqual(result, expected_output) + def test_attributes_removal_from_tag(self): + # Tests for removal of attributes from tags + html_body = '

Paragraph

' + result = clean_thread_html_body(html_body) + self.assertEqual(result, '

Paragraph

')