fix(description-sanitizer): allow BlockEditor file attachment and callout attributes on div elements (#27658)

* fix(description-sanitizer): allow BlockEditor file attachment and callout attributes on div elements

* addressed gitar comments

* unit test fix

* removed attribute

* fix java check style

* nit

Author: Rohit0301

openmetadata-service/src/main/java/org/openmetadata/service/util/DescriptionSanitizer.java

@@ -99,6 +99,30 @@ public final class DescriptionSanitizer {
           // Entity mention attributes on anchor tags (hashtag/mention nodes in BlockEditor)
           .allowAttributes("data-type", "data-label", "data-fqn", "data-entitytype")
           .onElements("a")
+          // File attachment and callout node attributes (BlockEditor div-based nodes)
+          // Note: data-temp-file is intentionally excluded — it holds transient upload state
+          .allowAttributes(
+              "data-type",
+              "data-filename",
+              "data-filesize",
+              "data-mimetype",
+              "data-uploading",
+              "data-upload-progress",
+              "data-is-image",
+              "data-alt",
+              "data-callouttype")
+          .onElements("div")
+          .allowAttributes("data-url")
+          .matching(
+              (elementName, attributeName, value) -> {
+                if (value.startsWith("http://")
+                    || value.startsWith("https://")
+                    || value.startsWith("/")) {
+                  return value;
+                }
+                return null;
+              })
+          .onElements("div")
           .allowAttributes("align")
           .onElements("td", "th", "tr", "table")
           .allowAttributes("colspan", "rowspan")

openmetadata-service/src/test/java/org/openmetadata/service/util/DescriptionSanitizerTest.java

@@ -230,6 +230,33 @@ void entityMentionAttributesOnAnchorArePreserved() {
             "<#E::tag::KnowledgeCenter.Article|[#Article](https://open-metadata.example.org/tags/KnowledgeCenter)>"));
   }
 
+  @Test
+  void fileAttachmentDivAttributesArePreserved() {
+    String input =
+        "<p></p><div data-type=\"file-attachment\""
+            + " data-url=\"https://example.com/image.png\""
+            + " data-filename=\"image.png\""
+            + " data-mimetype=\"image\""
+            + " data-uploading=\"false\""
+            + " data-upload-progress=\"0\""
+            + " data-is-image=\"true\""
+            + " data-filesize=\"1024\""
+            + " data-alt=\"test image\""
+            + " data-callouttype=\"info\"></div><p></p>";
+    String result = DescriptionSanitizer.sanitize(input);
+
+    assertTrue(result.contains("data-type=\"file-attachment\""));
+    assertTrue(result.contains("data-url=\"https://example.com/image.png\""));
+    assertTrue(result.contains("data-filename=\"image.png\""));
+    assertTrue(result.contains("data-mimetype=\"image\""));
+    assertTrue(result.contains("data-uploading=\"false\""));
+    assertTrue(result.contains("data-upload-progress=\"0\""));
+    assertTrue(result.contains("data-is-image=\"true\""));
+    assertTrue(result.contains("data-filesize=\"1024\""));
+    assertTrue(result.contains("data-alt=\"test image\""));
+    assertTrue(result.contains("data-callouttype=\"info\""));
+  }
+
   @Test
   void entityMentionAttributesOnAnchorArePreservedForMention() {
     String input =