deps: remove "sanitize-html" dependency #4446

Problem:
This package was added in 9e8976b to
guard against unexpected server response, but it has a lot more features
(and transitive dependencies) that we aren't using. It's also adding
a maintenance cost: #4435

Solution:
- Use `encodeHTML` instead.
- Remove unnecessary dependencies.

Author: justinmk3

package-lock.json

@@ -4293,7 +4293,6 @@
         "@types/node-fetch": "^2.6.8",
         "@types/prismjs": "^1.26.0",
         "@types/readline-sync": "^1.4.3",
-        "@types/sanitize-html": "2.3.1",
         "@types/semver": "^7.5.0",
         "@types/sinon": "^10.0.5",
         "@types/sinonjs__fake-timers": "^8.1.2",
@@ -4321,12 +4320,12 @@
         "sass-loader": "^12.6.0",
         "sinon": "^14.0.0",
         "style-loader": "^3.3.1",
+        "ts-node": "^10.9.1",
+        "typescript": "^5.0.4",
         "umd-compat-loader": "^2.1.2",
         "vue-loader": "^17.2.2",
         "vue-style-loader": "^4.1.3",
-        "webfont": "^11.2.26",
-        "typescript": "^5.0.4",
-        "ts-node": "^10.9.1"
+        "webfont": "^11.2.26"
     },
     "dependencies": {
         "@amzn/codewhisperer-streaming": "file:../../src.gen/@amzn/codewhisperer-streaming",
@@ -4367,7 +4366,6 @@
         "mime-types": "^2.1.32",
         "node-fetch": "^2.7.0",
         "portfinder": "^1.0.32",
-        "sanitize-html": "^2.3.3",
         "semver": "^7.5.4",
         "strip-ansi": "^5.2.0",
         "tcp-port-used": "^1.0.1",

packages/toolkit/package.json

@@ -3,7 +3,6 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import sanitizeHtml from 'sanitize-html'
 import * as vscode from 'vscode'
 import { ToolkitError } from '../../shared/errors'
 import { getLogger } from '../../shared/logger'
@@ -12,6 +11,7 @@ import { IllegalStateTransition, UserMessageNotFoundError } from '../errors'
 import { SessionState, SessionStateAction, SessionStateConfig, SessionStateInteraction } from '../types'
 import { prepareRepoData } from '../util/files'
 import { uploadCode } from '../util/upload'
+import { encodeHTML } from '../../shared/utilities/textUtilities'
 
 export class ConversationNotStartedState implements Omit<SessionState, 'uploadId'> {
     public tokenSource: vscode.CancellationTokenSource
@@ -90,10 +90,9 @@ export class RefinementState implements SessionState {
                     action.msg
                 )
 
-                this.approach = sanitizeHtml(
+                this.approach = encodeHTML(
                     approach ??
-                        'There has been a problem generating an approach. Please open a conversation in a new tab',
-                    {}
+                        'There has been a problem generating an approach. Please open a conversation in a new tab'
                 )
                 getLogger().debug(`Approach response: %O`, this.approach)
 

packages/toolkit/src/amazonqFeatureDev/session/sessionState.ts

@@ -135,7 +135,8 @@ describe('sessionState', () => {
             const state = new RefinementState(testConfig, invalidHTMLApproach, tabId, 0)
             const result = await state.interact(testAction)
 
-            const expectedApproach = `<h1>hello world</h1>`
+            const expectedApproach =
+                '&lt;head&gt;&lt;script src="https://foo"&gt;&lt;/script&gt;&lt;/head&gt;&lt;body&gt;&lt;h1&gt;hello world&lt;/h1&gt;&lt;/body&gt;'
             assert.deepStrictEqual(result, {
                 nextState: new RefinementState(testConfig, expectedApproach, tabId, 1),
                 interaction: {