nmlorg / metabot

Modularized, multi-account bot.
https://metabot.readthedocs.io/

Event fields other than description can contain HTML (that is passed through unescaped) #101

Closed nmlorg closed 4 months ago

nmlorg commented 4 months ago

My fix for #94 is to pass outgoing HTML through a version of _HTMLSanitizer that truncates, and while testing I'm getting notices that '<a ...>Phoenix Comics & Games</a>' in the original text is correctly becoming '<a ...>Phoenix Comics &amp; Games</a>' after truncation (i.e. the text is technically getting longer). I changed a test event to have the summary 'te<i>st ev</i>ent' and, in the current code, it came through as '<b>te<i>st ev</i>ent</b>'. Oops.

nmlorg commented 4 months ago

Even worse: Sending /events with the test event titled 'te<i>st event':

ntelebot.errors.Error: {'ok': False, 'error_code': 400, 'description': 'Bad Request: can\'t parse entities: Unmatched end tag at byte offset 16, expected "</i>", found "</b>"'}

So eventutil.format_event needs to html.sanitize event['summary'] and event['location'], and reminders.diff_events needs to html.sanitize those fields (after they've been compared).
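To make the failure mode concrete, here is an added example (not metabot's own code) that reproduces the unmatched-tag rejection described in this issue and shows the escaped output that fixes it. It uses the stdlib html.escape as a stand-in for the project's html.sanitize, a small tag-nesting checker that mimics Telegram's "can't parse entities" error, and a constructed event dict whose field names are assumptions.

```python
import html
import re

# Constructed sample event; 'te<i>st event' mirrors the summary quoted in this issue.
SAMPLE_EVENT = {
    'summary': 'te<i>st event',
    'location': 'Phoenix Comics & Games',
}

TAG_RE = re.compile(r'<(/?)([a-z]+)[^>]*>')


def check_entities(text):
    """Minimal stand-in for Telegram's HTML entity parser.

    Returns None when every tag is properly nested, otherwise an error string
    in the same shape as the Bad Request quoted above.
    """
    stack = []
    for m in TAG_RE.finditer(text):
        closing, name = m.group(1) == '/', m.group(2)
        if not closing:
            stack.append(name)
        elif not stack or stack[-1] != name:
            expected = '</%s>' % stack[-1] if stack else 'no end tag'
            offset = len(text[:m.start()].encode('utf-8'))
            return ('Bad Request: can\'t parse entities: Unmatched end tag at byte '
                    'offset %d, expected "%s", found "%s"' % (offset, expected, m.group(0)))
        else:
            stack.pop()
    return None if not stack else 'unclosed <%s>' % stack[-1]


def format_event(event, sanitize=True):
    """Build the bold-summary message the bot sends in HTML parse mode.

    sanitize=True escapes the user-controlled fields (html.escape stands in for
    metabot's html.sanitize); sanitize=False reproduces the bug from the issue.
    """
    clean = html.escape if sanitize else (lambda s: s)
    return '<b>%s</b>\n%s' % (clean(event['summary']), clean(event['location']))
```

The unsanitized message fails the check at byte offset 16, exactly as in the error above, because the user's `<i>` is still open when the bot's own `</b>` arrives; the sanitized message turns the angle brackets and ampersand into entities and passes.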