fix(export): fix broken template placeholders in session export HTML

[briannewman]

Problem

The /export-session command produces an HTML file that opens but renders completely blank — no messages, no sidebar, nothing. The file is ~2MB (session data is present) but the viewer JS never loads.

Root Cause

The {{MARKED_JS}}, {{HIGHLIGHT_JS}}, and {{JS}} placeholders in template.html were reformatted by Prettier into multi-line JS block statements:

<script>
  {
    {
      MARKED_JS;
    }
  }
</script>

The generateHtml() function in commands-export-session.ts uses .replace('{{MARKED_JS}}', markedJs) which requires contiguous {{MARKED_JS}} strings. The prettified version doesn't match, so the vendor libraries (marked.js, highlight.js) and the main app JS are never injected.

Introduced in 9d403fd.

Fix

Collapse placeholders back to single-line {{TOKEN}} format and add <!-- prettier-ignore --> comments to prevent re-formatting.

Testing

Before: /export-session → 2MB HTML file, opens with dark theme background but blank content
After: template placeholders match the .replace() calls, JS gets injected, session renders

[greptile-apps]

Greptile Summary

This PR fixes a critical regression introduced in 9d403fd where Prettier reformatted the {{MARKED_JS}}, {{HIGHLIGHT_JS}}, and {{JS}} placeholders in template.html into syntactically valid (but incorrect) multi-line JS block expressions, breaking the exact-string .replace() calls in generateHtml() so that vendor libraries and the application JS were never injected into the exported HTML.

The fix is minimal, targeted, and correct:

• Collapses each placeholder back to a single-line <script>{{TOKEN}}</script> form that matches the existing .replace() calls in commands-export-session.ts
• Adds <!-- prettier-ignore --> comments immediately before each <script> tag to prevent Prettier from re-introducing the same breakage

No logic changes are made to commands-export-session.ts; the template is the only file touched.

Confidence Score: 5/5

• This PR is safe to merge — it is a targeted, one-file fix that restores the intended behavior of the export feature.
• The root cause is clearly identified and the fix is precise. The <!-- prettier-ignore --> guards prevent the same regression from recurring. No logic is changed; no other code paths are affected. The remaining placeholders ({{CSS}} in a <style> tag and {{SESSION_DATA}} in a type="application/json" script block) were never vulnerable to this Prettier issue, so they correctly remain untouched.
• No files require special attention.

_{Last reviewed commit: 3f73181}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3f7318177d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[briannewman]

CI Status: The TypeScript failures in this run (missing DEFAULT_ACCOUNT_ID, type mismatches in extensions/nextcloud-talk, googlechat, zalouser) are pre-existing issues in the repository, not caused by these template changes. The PR itself only modifies template.html and commands-export-session.ts to fix the export HTML rendering.

Latest main (run #11081) shows a successful build, confirming these are unrelated. The export fix is ready to merge. 🐻

[openclaw-barnacle]

This pull request has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[clawsweeper]

Codex automated review: keeping this open.

Keep this PR open. Current main still has the session export template/replacement mismatch, the latest release tree has the same mismatch, and the PR is paired with an open same-author bug report (#41862). The PR is a focused implementation candidate rather than obsolete cleanup.

Best possible solution:

Keep this PR open as a valid focused fix candidate. The best maintainer path is to land one canonical implementation that restores compact protected script placeholders, uses function replacers for injected JS content, adds a regression test against the real template/generation path, and then closes the paired bug report #41862 plus duplicate reports such as #49957 after merge.

What I checked:

• Current template still lacks compact JS placeholders: At current main, the export template contains formatter-expanded script blocks with MARKED_JS, HIGHLIGHT_JS, and JS identifiers instead of the contiguous {{MARKED_JS}}, {{HIGHLIGHT_JS}}, and {{JS}} tokens the exporter searches for. (src/auto-reply/reply/export-html/template.html:62, 9bc703213bb3)
• Exporter still uses exact token replacement: generateHtml() still calls .replace("{{JS}}", templateJs), .replace("{{MARKED_JS}}", markedJs), and .replace("{{HIGHLIGHT_JS}}", hljsJs), so the current template's split placeholders do not match and the viewer scripts are not injected. (src/auto-reply/reply/commands-export-session.ts:91, 9bc703213bb3)
• Read-only substitution check reproduces the mismatch: A read-only Node check found all three compact tokens absent from template.html; applying the current replacement sequence leaves MARKED_JS;, HIGHLIGHT_JS;, and JS; in the output and inserts no app script marker. (src/auto-reply/reply/export-html/template.html:65, 9bc703213bb3)
• Existing tests do not catch this path: The command test mocks template.html with compact placeholders, while the export HTML security test reads the real template but manually runs the vendor and app JS in a VM after replacing script placeholders with empty strings. That means current tests can pass while generated browser HTML still lacks injected JS. (src/auto-reply/reply/commands-export-session.test.ts:57, 9bc703213bb3)
• Latest release tree is also affected: The latest release commit cbcfdf62c7297bda66009ea7476f053c3e9addab has the same expanded placeholder blocks in the template and the same exact string replacements in the exporter, so this is not already shipped as fixed. (src/auto-reply/reply/export-html/template.html:62, cbcfdf62c729)
• Paired issue and duplicate context favor keeping it open: The provided GitHub context shows open same-author issue export-session HTML renders blank — template placeholders broken by formatter #41862 explicitly linked to this PR. Related duplicate reports and PRs (export-html template.html 被格式化工具错误处理导致导出失败 #43616, export-html template.html malformed by formatter causing export failure #43620, fix: restore export-html template placeholders and prevent reformatting #43634, fix: restore export HTML template placeholders broken by Prettier #50001, Bug: Session export HTML is empty due to reformatted JS placeholders in template #49957, fix: restore compact JS placeholders in session export template #49961) describe the same bug, but the current main evidence shows the fix still has not landed.

Remaining risk / open question:

• Current main and v2026.4.24 still leave unresolved script placeholder identifiers in exported HTML, so users can still get a blank session export viewer.
• The existing tests do not assert the real generated HTML injection path; landing should add focused regression coverage that the real template no longer contains unresolved JS placeholders after generation.
• There are multiple open or closed duplicate attempts around the same bug, so maintainers should choose one canonical fix path rather than closing all candidates before a fix lands.

Codex Review notes: model gpt-5.5, reasoning high; reviewed against 9bc703213bb3.

[vincentkoc]

ProjectClownfish pushed a narrow repair to this branch so the original contributor path can stay canonical.

Source PR: #41861
Validation: pnpm -s vitest run src/auto-reply/reply/commands-export-session.test.ts src/auto-reply/reply/export-html/template.security.test.ts; pnpm check:changed
Contributor credit is preserved in the branch history and PR context.