From 6ce49573ef13cc4d74091c4b6eb0459b4b892706 Mon Sep 17 00:00:00 2001 From: gsinghpal Date: Wed, 27 May 2026 03:41:04 -0400 Subject: [PATCH] fix(fusion_helpdesk): reply body_is_html=True so HTML isn't escaped over XML-RPC Remote message_post escapes a plain str body (expects Markup, which can't cross XML-RPC). Without body_is_html=True the customer's reply rendered literal

/
tags. Co-Authored-By: Claude Opus 4.7 (1M context) --- fusion_helpdesk/controllers/main.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fusion_helpdesk/controllers/main.py b/fusion_helpdesk/controllers/main.py index a515f546..3fb22ab5 100644 --- a/fusion_helpdesk/controllers/main.py +++ b/fusion_helpdesk/controllers/main.py @@ -598,9 +598,14 @@ class FusionHelpdeskController(http.Controller): return {'ok': False, 'error': 'not_found', 'message': _('Ticket not found or not accessible.')} author_id = self._resolve_author(cfg, ident, found[0]) + # We escape the user's text ourselves, then mark it up as paragraphs. + # message_post() ESCAPES a plain str body (it expects a Markup for + # HTML) — but Markup can't cross XML-RPC, so we pass body_is_html=True + # which tells the remote message_post to treat our already-escaped + # HTML as Markup. Without this the customer would see literal

tags. html = '

%s

' % _html_escape(text).replace('\n', '
') self._rpc(cfg, 'helpdesk.ticket', 'message_post', [[ticket_id]], { - 'body': html, 'message_type': 'comment', + 'body': html, 'body_is_html': True, 'message_type': 'comment', 'subtype_xmlid': 'mail.mt_comment', 'author_id': author_id, }) messages = self._public_messages(cfg, ticket_id)