
Allow sanitiseContentFor parameter in sendEmail method #231

Open: kr8n3r wants to merge 7 commits into main from add-sanitise_content_for-optional-parameter

Conversation


@kr8n3r kr8n3r commented May 5, 2026

What problem does the pull request solve?

notify-api already accepts sanitize_content_for optional payload - an array of personalisation keys
that it sanitises.

This PR extends the Node client to accept the optional parameter sanitiseContentFor in the sendEmail method.
Tests and type definitions also updated.

Input with sanitiseContentFor

personalisation: {
    name: 'click [evil link](https://evil.link)',
    link: 'Amala, please [click this evil link](https://evil.link)'
  },
sanitiseContentFor:['link']

Response

{
  content: {
    body: 'click [evil link](https://evil.link)\r\n' +
      '\r\n' +
      'this is the link Amala, please \\[click this evil link\\]\\(\\)',
  },
  sanitised_content: {
    link: {
      sanitised: 'Amala, please \\[click this evil link\\]\\(\\)',
      unsanitised: 'Amala, please [click this evil link](https://evil.link)'
    }
  },

Input without sanitiseContentFor

personalisation: {
    name: 'Amala',
    link: 'click [evil link](https://evil.link)'
  },

Response

{
  content: {
    body: 'Amala click [evil link](https://evil.link)\r\n'
  },
  sanitised_content: {},

Delivered message with and without sanitisation

[Image: Screenshot 2026-05-05 at 13 52 17]

Checklist

  • I’ve used the pull request template
  • I’ve written unit tests for these changes
  • I’ve updated the documentation in
  • I’ve bumped the version number in
    • package.json
  • I've added new environment variables in
    • CONTRIBUTING.md
    • notifications-node-client/scripts/generate_docker_env.sh
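
The request and response shapes in the description above, as an added example that is not code from notifications-node-client: `buildEmailPayload` and `changedBySanitisation` are hypothetical helper names, the sample values are constructed, and `template_id`, `email_address` and `personalisation` are assumed to be the other fields of the email request body. It maps `sanitiseContentFor` to `sanitise_content_for`, rejects keys that are not in `personalisation`, and lists the keys the API actually altered so a caller can log them.

```javascript
// Added example, not the client's own code. Helper names are hypothetical.

// Build the JSON body for an email notification, mapping the client's
// camelCase option to the API's snake_case field.
function buildEmailPayload(templateId, emailAddress, options = {}) {
  const { personalisation = {}, sanitiseContentFor } = options;
  const payload = {
    template_id: templateId,
    email_address: emailAddress,
    personalisation,
  };
  if (sanitiseContentFor !== undefined) {
    if (!Array.isArray(sanitiseContentFor)) {
      throw new TypeError('sanitiseContentFor must be an array of personalisation keys');
    }
    for (const key of sanitiseContentFor) {
      // Assumption of this example: every listed key must exist locally,
      // so a misspelt key is caught before the request is sent.
      if (typeof key !== 'string' ||
          !Object.prototype.hasOwnProperty.call(personalisation, key)) {
        throw new Error(`sanitiseContentFor key not in personalisation: ${String(key)}`);
      }
    }
    payload.sanitise_content_for = [...sanitiseContentFor];
  }
  return payload;
}

// Return the personalisation keys whose value the API changed, using the
// sanitised_content shape shown in the PR description.
function changedBySanitisation(responseBody) {
  const sanitised = (responseBody && responseBody.sanitised_content) || {};
  return Object.keys(sanitised).filter(
    (key) => sanitised[key].sanitised !== sanitised[key].unsanitised
  );
}

// Constructed sample data, modelled on the PR description.
const samplePayload = buildEmailPayload('template-id-placeholder', 'amala@example.com', {
  personalisation: { name: 'Amala', link: 'Amala, please [click this evil link](https://evil.link)' },
  sanitiseContentFor: ['link'],
});
const sampleResponse = {
  sanitised_content: {
    link: {
      sanitised: 'Amala, please \\[click this evil link\\]\\(\\)',
      unsanitised: 'Amala, please [click this evil link](https://evil.link)',
    },
  },
};
console.log(samplePayload.sanitise_content_for, changedBySanitisation(sampleResponse));
```
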

@kr8n3r kr8n3r changed the title Add sanitize_content_for optional paramater Add sanitize_content_for optional parameter May 5, 2026
@kr8n3r kr8n3r force-pushed the add-sanitise_content_for-optional-parameter branch 2 times, most recently from 0cb30b2 to d0f1fe5 Compare May 5, 2026 15:04
@kr8n3r kr8n3r changed the title Add sanitize_content_for optional parameter Allow sanitise_content_for arg in send_email_notification endpoint May 7, 2026

@CrystalPea CrystalPea left a comment


Well done on this! I left a couple comments - let me know what you think.

Comment thread spec/integration/schemas/v2/POST_notification_email_response.json Outdated
Comment thread client/notification.js Outdated
@kr8n3r kr8n3r force-pushed the add-sanitise_content_for-optional-parameter branch 4 times, most recently from f4bb9c1 to 9618f34 Compare May 8, 2026 09:16
@kr8n3r kr8n3r changed the title Allow sanitise_content_for arg in send_email_notification endpoint Allow sanitiseContentFor parameter in sendEmail endpoint May 8, 2026
@kr8n3r kr8n3r changed the title Allow sanitiseContentFor parameter in sendEmail endpoint Allow sanitiseContentFor parameter in sendEmail method May 8, 2026
@kr8n3r kr8n3r force-pushed the add-sanitise_content_for-optional-parameter branch from 0a0dac7 to f512111 Compare May 11, 2026 06:14
kr8n3r added 6 commits May 11, 2026 07:15
notifications-api accepts `sanitise_content_for`
payload -
https://github.com/alphagov/notifications-api/blob/main/app/v2/notifications/post_notifications.py#L134
- an array of strings denoting
personalisation keys that it sanitises.

This PR extends the client to allow this payload
to be sent to the API with `sanitiseContentFor`.
Naming matches our other parameters.

API also returns `sanitised_content` object -
https://github.com/alphagov/notifications-api/blob/main/app/v2/notifications/post_notifications.py#L215
- which we list in the `@returns` object notation.
Adds a definition for `sanitiseContentFor`
structure and types are.
Adds structure and type definitions for
`sanitised_content` object the API returns.

`sanitised_content` is always returned, being an
empty object if `sanitiseContentFor` is omitted, so
it's listed in the `required`. This matches the
python implementation - https://github.com/alphagov/notifications-python-client/blob/1902b7d9a062ab101a6e2a1554e5d1c35f7f2179/integration_test/schemas/v2/notification_schemas.py#L162
@kr8n3r kr8n3r force-pushed the add-sanitise_content_for-optional-parameter branch from f512111 to ac2fb29 Compare May 11, 2026 06:35
Add unreleased entry for `sanitiseContentFor` optional parameter
@kr8n3r kr8n3r marked this pull request as ready for review May 11, 2026 13:48