feat: apply markdown rendering to HITL email, sanitize email subject and body (#32305)

This PR: 1. Fixes the bug that email body of `HumanInput` node are sent as-is, without markdown rendering or sanitization 2. Applies HTML sanitization to email subject and body 3. Removes `\r` and `\n` from email subject to prevent SMTP header injection Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: QuantumGhost <obelisk.reg+git@gmail.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-03-17 12:57:51 +08:00 · 2026-03-16 16:52:46 +08:00
parent 4822d550b6
commit 57d476d4e2
8 changed files with 229 additions and 9 deletions
--- a/api/tests/unit_tests/core/workflow/nodes/human_input/test_email_delivery_config.py
+++ b/api/tests/unit_tests/core/workflow/nodes/human_input/test_email_delivery_config.py
@ -14,3 +14,64 @@ def test_render_body_template_replaces_variable_values():
    result = config.render_body_template(body=config.body, url="https://example.com", variable_pool=variable_pool)

    assert result == "Hello World https://example.com"
+
+
+def test_render_markdown_body_renders_markdown_to_html():
+    rendered = EmailDeliveryConfig.render_markdown_body("**Bold** and [link](https://example.com)")
+
+    assert "<strong>Bold</strong>" in rendered
+    assert '<a href="https://example.com">link</a>' in rendered
+
+
+def test_render_markdown_body_sanitizes_unsafe_html():
+    rendered = EmailDeliveryConfig.render_markdown_body(
+        '<script>alert("xss")</script><a href="javascript:alert(1)" onclick="alert(2)">Click</a>'
+    )
+
+    assert "<script" not in rendered
+    assert "<a" not in rendered
+    assert "onclick" not in rendered
+    assert "javascript:" not in rendered
+    assert "Click" in rendered
+
+
+def test_render_markdown_body_sanitizes_markdown_link_with_javascript_href():
+    rendered = EmailDeliveryConfig.render_markdown_body("[bad](javascript:alert(1)) and [ok](https://example.com)")
+
+    assert "javascript:" not in rendered
+    assert "<a>bad</a>" in rendered
+    assert '<a href="https://example.com">ok</a>' in rendered
+
+
+def test_render_markdown_body_does_not_allow_raw_html_tags():
+    rendered = EmailDeliveryConfig.render_markdown_body("<b>raw html</b> and **markdown**")
+
+    assert "<b>" not in rendered
+    assert "raw html" in rendered
+    assert "<strong>markdown</strong>" in rendered
+
+
+def test_render_markdown_body_supports_table_syntax():
+    rendered = EmailDeliveryConfig.render_markdown_body("| h1 | h2 |\n| --- | ---: |\n| v1 | v2 |")
+
+    assert "<table>" in rendered
+    assert "<thead>" in rendered
+    assert "<tbody>" in rendered
+    assert 'align="right"' in rendered
+    assert "style=" not in rendered
+
+
+def test_sanitize_subject_removes_crlf():
+    sanitized = EmailDeliveryConfig.sanitize_subject("Notice\r\nBCC:attacker@example.com")
+
+    assert "\r" not in sanitized
+    assert "\n" not in sanitized
+    assert sanitized == "Notice BCC:attacker@example.com"
+
+
+def test_sanitize_subject_removes_html_tags():
+    sanitized = EmailDeliveryConfig.sanitize_subject("<b>Alert</b><img src=x onerror=1>")
+
+    assert "<" not in sanitized
+    assert ">" not in sanitized
+    assert sanitized == "Alert"
--- a/api/tests/unit_tests/services/test_human_input_delivery_test_service.py
+++ b/api/tests/unit_tests/services/test_human_input_delivery_test_service.py
@ -207,6 +207,45 @@ class TestEmailDeliveryTestHandler:
        assert kwargs["to"] == "test@example.com"
        assert "RENDERED_Subj" in kwargs["subject"]

+    def test_send_test_sanitizes_subject(self, monkeypatch):
+        monkeypatch.setattr(
+            service_module.FeatureService,
+            "get_features",
+            lambda _id: SimpleNamespace(human_input_email_delivery_enabled=True),
+        )
+        monkeypatch.setattr(service_module.mail, "is_inited", lambda: True)
+        mock_mail_send = MagicMock()
+        monkeypatch.setattr(service_module.mail, "send", mock_mail_send)
+        monkeypatch.setattr(
+            service_module,
+            "render_email_template",
+            lambda template, substitutions: template.replace("{{ recipient_email }}", substitutions["recipient_email"]),
+        )
+
+        handler = EmailDeliveryTestHandler(session_factory=MagicMock())
+        handler._resolve_recipients = MagicMock(return_value=["test@example.com"])
+
+        context = DeliveryTestContext(
+            tenant_id="t1",
+            app_id="a1",
+            node_id="n1",
+            node_title="title",
+            rendered_content="content",
+            recipients=[DeliveryTestEmailRecipient(email="test@example.com", form_token="token123")],
+        )
+        method = EmailDeliveryMethod(
+            config=EmailDeliveryConfig(
+                recipients=EmailRecipients(whole_workspace=False, items=[]),
+                subject="<b>Notice</b>\r\nBCC:{{ recipient_email }}",
+                body="Body",
+            )
+        )
+
+        handler.send_test(context=context, method=method)
+
+        _, kwargs = mock_mail_send.call_args
+        assert kwargs["subject"] == "Notice BCC:test@example.com"
+
    def test_resolve_recipients(self):
        handler = EmailDeliveryTestHandler(session_factory=MagicMock())

--- a/api/tests/unit_tests/tasks/test_mail_human_input_delivery_task.py
+++ b/api/tests/unit_tests/tasks/test_mail_human_input_delivery_task.py
@ -120,4 +120,37 @@ def test_dispatch_human_input_email_task_replaces_body_variables(monkeypatch: py
        session_factory=lambda: _DummySession(form),
    )

-    assert mail.sent[0]["html"] == "Body OK"
+    assert mail.sent[0]["html"] == "<p>Body OK</p>"
+
+
+@pytest.mark.parametrize("line_break", ["\r\n", "\r", "\n"])
+def test_dispatch_human_input_email_task_sanitizes_subject(
+    monkeypatch: pytest.MonkeyPatch,
+    line_break: str,
+):
+    mail = _DummyMail()
+    form = SimpleNamespace(id="form-1", tenant_id="tenant-1", workflow_run_id=None)
+    job = task_module._EmailDeliveryJob(
+        form_id="form-1",
+        subject=f"Notice{line_break}BCC:attacker@example.com <b>Alert</b>",
+        body="Body",
+        form_content="content",
+        recipients=[task_module._EmailRecipient(email="user@example.com", token="token-1")],
+    )
+
+    monkeypatch.setattr(task_module, "mail", mail)
+    monkeypatch.setattr(
+        task_module.FeatureService,
+        "get_features",
+        lambda _tenant_id: SimpleNamespace(human_input_email_delivery_enabled=True),
+    )
+    monkeypatch.setattr(task_module, "_load_email_jobs", lambda _session, _form: [job])
+    monkeypatch.setattr(task_module, "_load_variable_pool", lambda _workflow_run_id: None)
+
+    task_module.dispatch_human_input_email_task(
+        form_id="form-1",
+        node_title="Approve",
+        session_factory=lambda: _DummySession(form),
+    )
+
+    assert mail.sent[0]["subject"] == "Notice BCC:attacker@example.com Alert"