From 052b930ef5467c4f89e5e8112137cc666d355df4 Mon Sep 17 00:00:00 2001
From: Mubbshar Anwar <78487564+mubbsharanwar@users.noreply.github.com>
Date: Thu, 28 Aug 2025 19:01:19 +0500
Subject: [PATCH] fix: fix script tag quot escaped (#37296)

---
 .../discussion/rest_api/discussions_notifications.py |  5 ++++-
 .../rest_api/tests/test_discussions_notifications.py | 12 +++++-------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/lms/djangoapps/discussion/rest_api/discussions_notifications.py b/lms/djangoapps/discussion/rest_api/discussions_notifications.py
index 8249f17027..8efb2e8acb 100644
--- a/lms/djangoapps/discussion/rest_api/discussions_notifications.py
+++ b/lms/djangoapps/discussion/rest_api/discussions_notifications.py
@@ -2,6 +2,7 @@
 Discussion notifications sender util.
 """
 import re
+import html
 
 from bs4 import BeautifulSoup, Tag
 from django.conf import settings
@@ -447,7 +448,9 @@ def clean_thread_html_body(html_body):
     """
     Get post body with tags removed and limited to 500 characters
     """
-    html_body = BeautifulSoup(Truncator(html_body).chars(500, html=True), 'html.parser')
+    truncated_body = Truncator(html_body).chars(500, html=True)
+    truncated_body = html.unescape(truncated_body)
+    html_body = BeautifulSoup(truncated_body, 'html.parser')
 
     tags_to_remove = [
         "a", "link",  # Link Tags
diff --git a/lms/djangoapps/discussion/rest_api/tests/test_discussions_notifications.py b/lms/djangoapps/discussion/rest_api/tests/test_discussions_notifications.py
index 247bd23540..aaa920a0ff 100644
--- a/lms/djangoapps/discussion/rest_api/tests/test_discussions_notifications.py
+++ b/lms/djangoapps/discussion/rest_api/tests/test_discussions_notifications.py
@@ -2,7 +2,6 @@
 Unit tests for the DiscussionNotificationSender class
 """
 import re
-import django
 import unittest
 from unittest.mock import MagicMock, patch
 
@@ -109,13 +108,12 @@ class TestCleanThreadHtmlBody(unittest.TestCase):
         <p>Script test: <script>alert("hello");</script></p>
         <p>Some other content that should remain.</p>
         """
-        excepted_script_quot = 'alert(&amp;quot;hello&amp;quot;);' if django.VERSION >= (5, 0) else 'alert("hello");'
         expected_output = (
-            f'<p style="margin: 0">This is a link to a page.</p>'
-            f'<p style="margin: 0">Here is an image: </p>'
-            f'<p style="margin: 0">Embedded video: </p>'
-            f'<p style="margin: 0">Script test: {excepted_script_quot}</p>'
-            f'<p style="margin: 0">Some other content that should remain.</p>'
+            '<p style="margin: 0">This is a link to a page.</p>'
+            '<p style="margin: 0">Here is an image: </p>'
+            '<p style="margin: 0">Embedded video: </p>'
+            '<p style="margin: 0">Script test: alert("hello");</p>'
+            '<p style="margin: 0">Some other content that should remain.</p>'
         )
 
         result = clean_thread_html_body(html_body)