SAK-52334 Global changes in FormattedText content sanitization in tools

[ern]

https://sakaiproject.atlassian.net/browse/SAK-52334

Summary by CodeRabbit

• Refactor

  • Streamlined content sanitization and rich-text processing across tools — reduces inline HTML/formatting alerts so users experience fewer immediate validation interruptions and more consistent content rendering.

• Chores

  • Standardized text formatting behavior and tightened upload/processing flows for more reliable handling of attachments, messages, polls, and site/course descriptions.

[coderabbitai]

Walkthrough

This PR replaces StringBuilder-based alert/error collection and related try/catch/early-return logic in FormattedText processing calls across many modules by calling FormattedText.processFormattedText/processHtmlDocument with null error parameters and removing alert propagation.

Changes

Cohort / File(s)	Summary
Content & Course Tools announcement/announcement-tool/tool/src/java/org/sakaiproject/announcement/tool/AnnouncementAction.java, calendar/calendar-tool/tool/src/java/org/sakaiproject/calendar/tool/CalendarAction.java, citations/citations-tool/tool/src/java/org/sakaiproject/citation/tool/CitationHelperAction.java, content/content-tool/tool/src/java/org/sakaiproject/content/tool/ListItem.java, content/content-tool/tool/src/java/org/sakaiproject/content/tool/ResourcesAction.java, content/content-tool/tool/src/java/org/sakaiproject/content/tool/ResourcesHelperAction.java, assignment/tool/src/java/org/sakaiproject/assignment/entityproviders/AssignmentEntityProvider.java, assignment/tool/src/java/org/sakaiproject/assignment/tool/AssignmentAction.java, site-manage/site-manage-tool/tool/src/java/org/sakaiproject/site/tool/SiteAction.java, syllabus/syllabus-app/src/java/org/sakaiproject/tool/syllabus/SyllabusTool.java, syllabus/syllabus-app/src/java/org/sakaiproject/tool/syllabus/entityproviders/SyllabusEntityProvider.java	Replaced alert-accumulating StringBuilder usage with null parameters in FormattedText calls; removed local alert accumulation, try/catch blocks, logging and early-return validation branches tied to those alerts.
Communication & Messaging kernel/kernel-impl/src/main/java/org/sakaiproject/messaging/impl/UserMessagingServiceImpl.java, kernel/kernel-impl/src/test/java/org/sakaiproject/messaging/impl/UserMessagingServiceTestConfiguration.java, mailarchive/mailarchive-impl/impl/src/java/org/sakaiproject/mailarchive/impl/BaseMailArchiveService.java, mailsender/impl/src/java/org/sakaiproject/mailsender/logic/impl/ExternalLogicImpl.java, msgcntr/messageforums-app/src/java/org/sakaiproject/tool/messageforums/DiscussionForumTool.java, msgcntr/messageforums-app/src/java/org/sakaiproject/tool/messageforums/PrivateMessagesTool.java, msgcntr/messageforums-component-impl/src/java/org/sakaiproject/component/app/messageforums/ui/PrivateMessageManagerImpl.java, commons/impl/src/java/org/sakaiproject/commons/impl/CommonsManagerImpl.java	Removed StringBuilder alert collectors and surrounding exception/log handling from title/body sanitization calls; updated test mocks to expect the three-argument null-based API.
Learning & Participation Tools lessonbuilder/tool/src/java/org/sakaiproject/lessonbuildertool/service/AjaxServer.java, lessonbuilder/tool/src/java/org/sakaiproject/lessonbuildertool/tool/beans/SimplePageBean.java, samigo/samigo-app/src/java/org/sakaiproject/jsf/renderer/RichTextEditArea.java, samigo/samigo-qti/src/java/org/sakaiproject/tool/assessment/qti/util/XmlUtil.java, samigo/samigo-qti/src/test/org/sakaiproject/tool/assessment/services/qti/QTIServiceTest.java, polls/tool/src/main/java/org/sakaiproject/poll/tool/mvc/OptionController.java, polls/tool/src/main/java/org/sakaiproject/poll/tool/mvc/PollEditorController.java, signup/tool/src/main/java/org/sakaiproject/signup/tool/jsf/NewSignupMeetingBean.java, signup/tool/src/main/java/org/sakaiproject/signup/tool/jsf/organizer/EditMeetingSignupMBean.java, profile2/util/src/main/java/org/sakaiproject/profile2/util/ProfileUtils.java, web/web-portlet/src/java/org/sakaiproject/portlets/PortletIFrame.java	Removed reflection/antisamy setup in lessonbuilder and replaced many processFormattedText/processHtmlDocument calls to use null error parameters; eliminated localized error-collection and related validation/early-return logic in submission, signup, polling, and QTI flows.
Forums, Private Messages & Tools msgcntr/messageforums-app/.../DiscussionForumTool.java, msgcntr/messageforums-app/.../PrivateMessagesTool.java, msgcntr/messageforums-component-impl/.../PrivateMessageManagerImpl.java, mailarchive/.../BaseMailArchiveService.java, mailsender/.../ExternalLogicImpl.java	Standardized FormattedText usage to null-valued error parameters across forum, private message, mail archive and mail sender flows, removing StringBuilder alert collection and related handling.
Miscellaneous utilities & tests samigo/samigo-qti/.../QTIServiceTest.java, kernel/.../UserMessagingServiceTestConfiguration.java, samigo/.../RichTextEditArea.java, profile2/util/.../ProfileUtils.java	Adjusted tests and utility call sites to match the new three-argument null-based FormattedText overload; removed local alert builders and exception/log handling around formatting calls.

Possibly Related PRs

• SAK-51993 Kernel Add legacy-UTF8 protection around notification titles #14108 — touches UserMessagingServiceImpl/FormatedText handling; related to notification title/body processing changes.
• SAK-52230 Syllabus keep sanitized content in direct updates #14346 — updates SyllabusEntityProvider.FormattedText handling and alert propagation, aligning with this PR's alert-removal changes.
• SAK-52230 Syllabus fix bad syllabus HTML filtering flow #14281 — modifies SyllabusTool to stop early returns on sanitization alerts, directly related to the same refactor pattern.

Suggested Reviewers

• ottenhoff
• csev

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 41.18% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main change: a global refactoring to simplify FormattedText content sanitization across multiple tool modules by removing alert parameter handling.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In
`@samigo/samigo-qti/src/test/org/sakaiproject/tool/assessment/services/qti/QTIServiceTest.java`:
- Around line 61-62: The test mocks an overload of
FormattedText.processFormattedText that doesn't exist (it uses
processFormattedText(String, null, null)); update the mock in QTIServiceTest to
match the real method signature by using ArgumentMatchers.anyString() and
ArgumentMatchers.any(StringBuilder.class) (and the correct matcher for the third
param) so the Mockito.when targets the actual overload, and also fix
XmlUtil.java calls that pass nulls to call processFormattedText(value, new
StringBuilder(), ...) (or otherwise supply a non-null StringBuilder) so
production code and test use the same valid signature.