
fix: add HTML escaping to sanitize=False computed Html fields #140

Merged: gonzalesedwin1123 merged 6 commits into 19.0 from fix/html-escape-sanitize-false-fields on Apr 6, 2026

Conversation

@gonzalesedwin1123 (Member)

Summary

  • Escape dynamic values with markupsafe.escape() in computed fields.Html that build HTML via f-strings, preventing stored XSS
  • spp_audit: Escape values in data_html and parent_data_html audit log tables
  • spp_change_request_v2: Escape registrant name/ID/address in registrant_summary_html, and field diff values in preview_html (both model and wizard)

Fixes #50

Test plan

  • spp_audit tests pass (19/19)
  • spp_change_request_v2 tests pass (286/286)
  • Linting passes (ruff, ruff-format)
  • Verify audit log HTML renders correctly in UI
  • Verify CR preview HTML renders correctly in UI

@gemini-code-assist (bot)

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the security of the application by introducing HTML escaping for dynamically generated content in various computed HTML fields. The primary goal is to mitigate potential Cross-Site Scripting (XSS) risks by ensuring that user-controlled or dynamic data rendered as HTML is properly sanitized, thereby preventing malicious script injection and improving overall data integrity and user safety.

Highlights

  • XSS Prevention: Implemented HTML escaping using markupsafe.escape() for dynamic values within computed fields.Html to prevent stored Cross-Site Scripting (XSS) vulnerabilities.
  • Audit Log Escaping: Applied HTML escaping to data_html and parent_data_html fields in the spp_audit module, ensuring that audit log entries are safely rendered.
  • Change Request Preview Escaping: Escaped registrant names, IDs, and addresses in registrant_summary_html, and field difference values in preview_html within the spp_change_request_v2 module, covering both model and wizard implementations.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces HTML escaping using markupsafe.escape to mitigate potential Cross-Site Scripting (XSS) vulnerabilities. The changes apply to various HTML fields in spp_audit_log.py, change_request.py, and preview_changes_wizard.py, ensuring dynamic content is properly sanitized before rendering. The review feedback indicates that while the current changes are a positive step, a comprehensive audit is still needed. Several other methods in spp_change_request_v2/models/change_request.py (e.g., _compute_review_documents_html, _compute_stage_banner_html, _compute_required_documents_html, _render_comparison_table, and _render_action_summary) still contain unescaped dynamic or user-provided data, posing continued XSS risks.

@codecov (bot)

codecov bot commented Mar 26, 2026

Codecov Report

❌ Patch coverage is 93.33333% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 71.34%. Comparing base (f738582) to head (7ee9652).
⚠️ Report is 7 commits behind head on 19.0.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| spp_change_request_v2/models/change_request.py | 90.90% | 2 Missing ⚠️ |

@@            Coverage Diff             @@
##             19.0     #140      +/-   ##
==========================================
+ Coverage   71.06%   71.34%   +0.27%     
==========================================
  Files         925      932       +7     
  Lines       54704    54975     +271     
==========================================
+ Hits        38876    39220     +344     
+ Misses      15828    15755      -73     
| Flag | Coverage Δ |
|---|---|
| spp_api_v2_change_request | 66.85% <ø> (ø) |
| spp_audit | 72.60% <100.00%> (+8.76%) ⬆️ |
| spp_base_common | 90.26% <ø> (ø) |
| spp_cel_event | 85.11% <ø> (ø) |
| spp_change_request_v2 | 75.39% <92.59%> (+1.21%) ⬆️ |
| spp_claim_169 | 58.11% <ø> (ø) |
| spp_cr_types_advanced | 0.00% <ø> (ø) |
| spp_cr_types_base | 0.00% <ø> (ø) |
| spp_dci_demo | 69.23% <ø> (ø) |
| spp_drims | 79.55% <ø> (ø) |
| spp_drims_sl_demo | 68.91% <ø> (ø) |
| spp_farmer_registry | 88.39% <ø> (+0.09%) ⬆️ |
| spp_farmer_registry_cr | 61.15% <ø> (+0.05%) ⬆️ |
| spp_farmer_registry_demo | 54.01% <ø> (+0.62%) ⬆️ |
| spp_hxl | 98.34% <ø> (?) |
| spp_hxl_area | 63.74% <ø> (ø) |
| spp_mis_demo_v2 | 69.73% <ø> (ø) |
| spp_programs | 62.23% <ø> (ø) |
| spp_security | 66.66% <ø> (ø) |
| spp_starter_social_registry | 0.00% <ø> (ø) |


| Files with missing lines | Coverage Δ |
|---|---|
| spp_audit/models/spp_audit_log.py | 66.46% <100.00%> (+41.31%) ⬆️ |
| spp_change_request_v2/__manifest__.py | 0.00% <ø> (ø) |
| ...hange_request_v2/wizards/preview_changes_wizard.py | 86.95% <100.00%> (+60.28%) ⬆️ |
| spp_change_request_v2/models/change_request.py | 84.15% <90.90%> (+1.19%) ⬆️ |

... and 17 files with indirect coverage changes


@gonzalesedwin1123 (Member, Author)

@gemini-code-assist review

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request addresses a stored XSS vulnerability across the spp_audit and spp_change_request_v2 modules by implementing HTML escaping for dynamic content rendered within computed HTML fields. The markupsafe.escape function is now used to sanitize various fields, including audit log data, change request banners, document lists, registrant summaries, and preview HTML. Comprehensive unit tests have been added to both modules to verify the effectiveness of the HTML escaping. The review suggests enhancing the robustness of these new XSS tests by explicitly asserting the presence of escaped HTML entities, in addition to checking for the absence of unescaped ones.
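The pattern described in the PR summary (escape dynamic values with markupsafe.escape() before they are interpolated into f-string HTML) and the check suggested in the review above (assert that the escaped entity is present, not only that the raw tag is absent), as an added example that is not code from the OpenSPP repository. It is a stand-alone stand-in for an Odoo computed `fields.Html(sanitize=False)` field that renders an audit-log table: the unescaped version sits beside the escaped one, and `looks_escaped()` is the two-sided assertion the review asks for. The function names, the `esc()` helper, the `SAMPLE_CHANGES` dict and its values are constructed for the example; Odoo is not imported, and `html.escape` is used only as a fallback when markupsafe is not installed.

```python
"""Added example (not OpenSPP code): escaping record values before they are
interpolated into f-string HTML, with the two-sided test the review asked for.
"""
try:
    from markupsafe import escape  # what the PR uses
except ImportError:  # fallback so the example runs without markupsafe installed
    from html import escape

# Constructed stand-in for one audit-log entry: field name -> (old, new).
# In the Odoo model these values would be read from the record being logged.
SAMPLE_CHANGES = {
    "name": ("Jane Doe", "<script>alert(1)</script>"),
    "address": ("1 Main St", '<img src=x onerror="alert(1)">'),
    "phone": ("555-0100", "555-0199"),
}


def esc(value):
    """Escape one dynamic value for insertion into an HTML field.

    Odoo empty fields evaluate to False, so None/False render as an empty
    cell rather than the text 'False'; non-string values are stringified
    first so html.escape (the fallback) accepts them too.
    """
    if value is None or value is False:
        return ""
    if not isinstance(value, str):
        value = str(value)
    return escape(value)


def render_data_html_unsafe(changes):
    """The 'before': values land in the sanitize=False field verbatim, so
    anything stored in the record is rendered as live markup."""
    rows = "".join(
        f"<tr><td>{field}</td><td>{old}</td><td>{new}</td></tr>"
        for field, (old, new) in changes.items()
    )
    return f"<table class='audit-log'><tbody>{rows}</tbody></table>"


def render_data_html(changes):
    """The 'after': every dynamic value passes through esc() before it is
    interpolated. Markup the developer writes (the table tags) stays literal;
    data from the record becomes text.
    In the Odoo model this body would sit in the compute method of
    data_html = fields.Html(compute="_compute_data_html", sanitize=False)."""
    rows = "".join(
        f"<tr><td>{esc(field)}</td><td>{esc(old)}</td><td>{esc(new)}</td></tr>"
        for field, (old, new) in changes.items()
    )
    return f"<table class='audit-log'><tbody>{rows}</tbody></table>"


def looks_escaped(html, marker="script"):
    """The check from the review: the raw tag must be absent AND its escaped
    form must be present, so an empty or truncated field cannot pass by
    accident."""
    raw_tag = f"<{marker}"
    escaped_tag = f"&lt;{marker}"
    return raw_tag not in html and escaped_tag in html


if __name__ == "__main__":
    unsafe = render_data_html_unsafe(SAMPLE_CHANGES)
    safe = render_data_html(SAMPLE_CHANGES)
    print("unsafe output passes check:", looks_escaped(unsafe))  # False
    print("escaped output passes check:", looks_escaped(safe))  # True
    print(safe)
```

One design point worth noting: markupsafe.escape() leaves values that already carry an `__html__` method (Markup objects) untouched, so a Markup fragment produced elsewhere can be interpolated through `esc()` without being double-escaped, while plain strings from the record are always escaped. The fallback `html.escape` has no such pass-through, so with it, everything is escaped unconditionally.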

…tml fields

Escape dynamic values with markupsafe.escape() before inserting into
f-string HTML to prevent stored XSS in audit logs, change request
previews, and registrant summaries.

Fixes #50

Verify that computed Html fields properly escape XSS payloads in
dynamic values (script tags, img onerror, etc.) for audit logs,
change request previews, registrant summaries, and preview wizard.

Address Gemini review: add html_escape() to _compute_stage_banner_html,
_compute_required_documents_html, _compute_review_documents_html,
_render_comparison_table, and _render_action_summary. Also fix
ruff-format issues in test files.

spp_audit 19.0.2.0.0 → 19.0.2.0.1
spp_change_request_v2 19.0.2.0.2 → 19.0.2.0.3
@gonzalesedwin1123 force-pushed the fix/html-escape-sanitize-false-fields branch from 29acaf9 to aeb197f on April 6, 2026 01:50
… tests

Add assertIn("&lt;script&gt;") to two tests that only checked absence
of raw <script> tags, confirming the escaped data is actually present.
@gonzalesedwin1123 merged commit aaa9001 into 19.0 on Apr 6, 2026 (35 checks passed)
@gonzalesedwin1123 deleted the fix/html-escape-sanitize-false-fields branch on April 6, 2026 02:29
Development

Successfully merging this pull request may close these issues.

Add HTML escaping to sanitize=False computed Html fields