fix(core): Fix html header check (#22713)

Author: tomi

packages/core/src/__tests__/html-sandbox.test.ts

@@ -75,11 +75,15 @@ describe('isHtmlRenderedContentType', () => {
 		});
 	});
 
+	it('should handle content type with extra spaces', () => {
+		expect(isHtmlRenderedContentType('  text/html')).toBe(true);
+		expect(isHtmlRenderedContentType('text/html  ')).toBe(true);
+		expect(isHtmlRenderedContentType('  text/html  ')).toBe(true);
+	});
+
 	it('should handle edge cases', () => {
 		expect(isHtmlRenderedContentType('text/htmlsomething')).toBe(true);
 		expect(isHtmlRenderedContentType('application/xhtml+xmlsomething')).toBe(true);
-		expect(isHtmlRenderedContentType(' text/html')).toBe(false);
-		expect(isHtmlRenderedContentType('text/html ')).toBe(true);
 	});
 });
 

packages/core/src/html-sandbox.ts

@@ -17,7 +17,7 @@ export const getWebhookSandboxCSP = (): string => {
  * as HTML.
  */
 export const isHtmlRenderedContentType = (contentType: string) => {
-	const contentTypeLower = contentType.toLowerCase();
+	const contentTypeLower = contentType.trim().toLowerCase();
 
 	return (
 		// The content-type can also contain a charset, e.g. "text/html; charset=utf-8"