Drop unnecessary escaping for workflow name and annotation

These shouldn't ever have been escaped before storing in the database, this should've always just been applied on the way out. We also don't need to do that anymore since we don't use `v-html` for these fields. Fixes #18354
galaxyproject · Jun 11, 2024 · 0a2d50a · 0a2d50a
1 parent 96c9be3
commit 0a2d50a
Showing 1 changed file with 4 additions and 6 deletions.
diff --git a/lib/galaxy/webapps/galaxy/api/workflows.py b/lib/galaxy/webapps/galaxy/api/workflows.py
@@ -22,7 +22,6 @@
     status,
 )
 from gxformat2._yaml import ordered_dump
-from markupsafe import escape
 from pydantic import (
     UUID1,
     UUID4,
@@ -87,7 +86,6 @@
 from galaxy.tools import recommendations
 from galaxy.tools.parameters import populate_state
 from galaxy.tools.parameters.workflow_utils import workflow_building_modes
-from galaxy.util.sanitize_html import sanitize_html
 from galaxy.version import VERSION
 from galaxy.web import (
     expose_api,
@@ -270,7 +268,7 @@ def create(self, trans: GalaxyWebTransaction, payload=None, **kwd):
                         )
                         import_source = "URL"
                     except Exception:
-                        raise exceptions.MessageException(f"Failed to open URL '{escape(archive_source)}'.")
+                        raise exceptions.MessageException(f"Failed to open URL '{archive_source}'.")
             elif hasattr(archive_file, "file"):
                 uploaded_file = archive_file.file
                 uploaded_file_name = uploaded_file.name
@@ -450,7 +448,7 @@ def update(self, trans: GalaxyWebTransaction, id, payload, **kwds):
             name_updated = new_workflow_name and new_workflow_name != stored_workflow.name
             steps_updated = "steps" in workflow_dict
             if name_updated and not steps_updated:
-                sanitized_name = sanitize_html(new_workflow_name or old_workflow.name)
+                sanitized_name = new_workflow_name or old_workflow.name
                 if not sanitized_name:
                     raise exceptions.MessageException("Workflow must have a valid name.")
                 workflow = old_workflow.copy(user=trans.user)
@@ -474,7 +472,7 @@ def update(self, trans: GalaxyWebTransaction, id, payload, **kwds):
                 require_flush = True
 
             if "annotation" in workflow_dict and not steps_updated:
-                newAnnotation = sanitize_html(workflow_dict["annotation"])
+                newAnnotation = workflow_dict["annotation"]
                 self.add_item_annotation(trans.sa_session, trans.user, stored_workflow, newAnnotation)
                 require_flush = True
 
@@ -601,7 +599,7 @@ def __api_import_from_archive(self, trans: GalaxyWebTransaction, archive_data, s
         workflow = workflow.latest_workflow
 
         response = {
-            "message": f"Workflow '{escape(workflow.name)}' imported successfully.",
+            "message": f"Workflow '{workflow.name}' imported successfully.",
             "status": "success",
             "id": trans.security.encode_id(workflow_id),
         }