From 36f8a32dc2786dacd553f50dc8f733fd1b947e6f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 12 Feb 2026 15:11:55 +0000
Subject: [PATCH 1/2] Initial plan


From 901f38d75312a2589fec2cefd03f87c22f57ed00 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 12 Feb 2026 15:23:53 +0000
Subject: [PATCH 2/2] =?UTF-8?q?Update=20sanitizeDomainName=20to=20show=20f?=
 =?UTF-8?q?irst/last=2024=20chars=20with=20=E2=80=A6=20ellipsis?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Changed from showing first 3 parts to showing first 24 + last 24 chars
- Use Unicode ellipsis "…" instead of "..."
- Applies to domains longer than 48 characters
- Updated all related tests in sanitize_content.test.cjs and firewall_blocked_domains.test.cjs

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 .../js/firewall_blocked_domains.test.cjs      |  2 +-
 actions/setup/js/sanitize_content.test.cjs    | 34 ++++++++++++-------
 actions/setup/js/sanitize_content_core.cjs    | 16 +++++----
 3 files changed, 32 insertions(+), 20 deletions(-)

diff --git a/actions/setup/js/firewall_blocked_domains.test.cjs b/actions/setup/js/firewall_blocked_domains.test.cjs
index 0bb7af83bca..78afee296af 100644
--- a/actions/setup/js/firewall_blocked_domains.test.cjs
+++ b/actions/setup/js/firewall_blocked_domains.test.cjs
@@ -112,7 +112,7 @@ describe("firewall_blocked_domains.cjs", () => {
     it("should extract and sanitize domain from domain:port format", () => {
       expect(extractAndSanitizeDomain("example.com:443")).toBe("example.com");
       expect(extractAndSanitizeDomain("api.github.com:443")).toBe("api.github.com");
-      expect(extractAndSanitizeDomain("sub.domain.example.com:8080")).toBe("sub.domain.example...");
+      expect(extractAndSanitizeDomain("sub.domain.example.com:8080")).toBe("sub.domain.example.com");
     });
 
     it("should handle placeholder domain", () => {
diff --git a/actions/setup/js/sanitize_content.test.cjs b/actions/setup/js/sanitize_content.test.cjs
index b8c83f8b75a..613a8d4f714 100644
--- a/actions/setup/js/sanitize_content.test.cjs
+++ b/actions/setup/js/sanitize_content.test.cjs
@@ -570,9 +570,9 @@ describe("sanitize_content.cjs", () => {
       expect(sanitizeDomainName("a.b.c")).toBe("a.b.c");
     });
 
-    it("should truncate domains with more than 3 parts", () => {
-      expect(sanitizeDomainName("a.b.c.d.com")).toBe("a.b.c...");
-      expect(sanitizeDomainName("one.two.three.four.five.com")).toBe("one.two.three...");
+    it("should keep domains under 48 characters unchanged", () => {
+      expect(sanitizeDomainName("a.b.c.d.com")).toBe("a.b.c.d.com");
+      expect(sanitizeDomainName("one.two.three.four.five.com")).toBe("one.two.three.four.five.com");
     });
 
     it("should remove non-alphanumeric characters from each part", () => {
@@ -615,8 +615,15 @@ describe("sanitize_content.cjs", () => {
       expect(sanitizeDomainName("@#$")).toBe("");
     });
 
-    it("should truncate with ... for 4+ parts after sanitization", () => {
-      expect(sanitizeDomainName("alpha.beta.gamma.delta.epsilon.com")).toBe("alpha.beta.gamma...");
+    it("should truncate domains longer than 48 characters to show first 24 and last 24", () => {
+      // This domain is 52 characters long
+      const longDomain = "very.long.subdomain.name.with.many.parts.example.com";
+      const result = sanitizeDomainName(longDomain);
+      expect(result.length).toBe(49); // 24 + 1 (ellipsis) + 24
+      expect(result).toBe("very.long.subdomain.name…h.many.parts.example.com");
+
+      // Another long domain test
+      expect(sanitizeDomainName("alpha.beta.gamma.delta.epsilon.com")).toBe("alpha.beta.gamma.delta.epsilon.com");
     });
 
     it("should handle mixed case domains", () => {
@@ -631,12 +638,12 @@ describe("sanitize_content.cjs", () => {
 
     it("should apply sanitization in actual URL redaction for HTTP", () => {
       const result = sanitizeContent("Visit http://sub.example.malicious.com/path");
-      expect(result).toContain("(sub.example.malicious.../redacted)");
+      expect(result).toContain("(sub.example.malicious.com/redacted)");
     });
 
     it("should apply sanitization in actual URL redaction for HTTPS", () => {
       const result = sanitizeContent("Visit https://very.deep.nested.subdomain.evil.com/path");
-      expect(result).toContain("(very.deep.nested.../redacted)");
+      expect(result).toContain("(very.deep.nested.subdomain.evil.com/redacted)");
     });
 
     it("should handle domains with special characters in URL context", () => {
@@ -651,18 +658,19 @@ describe("sanitize_content.cjs", () => {
       expect(result).toContain("(test.com/redacted)");
     });
 
-    it("should handle subdomain with 3 parts correctly", () => {
-      // api.v2.example.com has 4 parts, so it will be truncated
+    it("should handle subdomain with multiple parts correctly", () => {
+      // api.v2.example.com is under 48 chars, so it stays unchanged
       const result = sanitizeContent("Visit http://api.v2.example.com/endpoint");
-      expect(result).toContain("(api.v2.example.../redacted)");
+      expect(result).toContain("(api.v2.example.com/redacted)");
     });
 
-    it("should handle 5+ part domains", () => {
-      expect(sanitizeDomainName("a.b.c.d.e.f.com")).toBe("a.b.c...");
+    it("should handle domains with many parts", () => {
+      // Under 48 chars - not truncated
+      expect(sanitizeDomainName("a.b.c.d.e.f.com")).toBe("a.b.c.d.e.f.com");
     });
 
     it("should handle domains starting with numbers", () => {
-      expect(sanitizeDomainName("123.456.example.com")).toBe("123.456.example...");
+      expect(sanitizeDomainName("123.456.example.com")).toBe("123.456.example.com");
     });
 
     it("should handle single part domain", () => {
diff --git a/actions/setup/js/sanitize_content_core.cjs b/actions/setup/js/sanitize_content_core.cjs
index 8e4773a5fc1..372a2bb7565 100644
--- a/actions/setup/js/sanitize_content_core.cjs
+++ b/actions/setup/js/sanitize_content_core.cjs
@@ -155,13 +155,17 @@ function sanitizeDomainName(domain) {
   // Filter out empty parts
   const nonEmptyParts = sanitizedParts.filter(part => part.length > 0);
 
-  // Take up to 3 parts
-  if (nonEmptyParts.length <= 3) {
-    return nonEmptyParts.join(".");
-  } else {
-    // Take first 3 parts and add "..."
-    return nonEmptyParts.slice(0, 3).join(".") + "...";
+  // Join the parts back together
+  const joined = nonEmptyParts.join(".");
+
+  // If the domain is longer than 48 characters, truncate to show first 24 and last 24
+  if (joined.length > 48) {
+    const first24 = joined.substring(0, 24);
+    const last24 = joined.substring(joined.length - 24);
+    return first24 + "…" + last24;
   }
+
+  return joined;
 }
 
 /**