fix: strip HTML tags from search result descriptions

After decoding HTML entities, descriptions containing entity-encoded
HTML (e.g. <a>) were displaying reconstructed tags as raw text.
Apply stripHtmlTags after decodeHtmlEntities in PackageSelector and
TableRow components.

Fixes #1681

Author: serhalp

app/components/Compare/PackageSelector.vue

@@ -301,7 +301,7 @@ onClickOutside(containerRef, () => {
               v-if="result.description"
               class="text-xs text-fg-muted truncate mt-0.5 w-full block"
             >
-              {{ decodeHtmlEntities(result.description) }}
+              {{ stripHtmlTags(decodeHtmlEntities(result.description)) }}
             </span>
           </ButtonBase>
         </div>

app/components/Package/TableRow.vue

@@ -69,7 +69,7 @@ const allMaintainersText = computed(() => {
       v-if="isColumnVisible('description')"
       class="py-2 px-3 text-sm text-fg-muted max-w-xs truncate"
     >
-      {{ decodeHtmlEntities(pkg.description || '-') }}
+      {{ stripHtmlTags(decodeHtmlEntities(pkg.description || '-')) }}
     </td>
 
     <!-- Downloads -->

shared/utils/html.ts

@@ -11,3 +11,7 @@ const htmlEntities: Record<string, string> = {
 export function decodeHtmlEntities(text: string): string {
   return text.replace(/&(?:amp|lt|gt|quot|apos|nbsp|#39);/g, match => htmlEntities[match] || match)
 }
+
+export function stripHtmlTags(text: string): string {
+  return text.replace(/<[^>]*>/g, '')
+}

test/unit/shared/utils/html.spec.ts

@@ -1,5 +1,5 @@
 import { describe, expect, it } from 'vitest'
-import { decodeHtmlEntities } from '../../../../shared/utils/html'
+import { decodeHtmlEntities, stripHtmlTags } from '../../../../shared/utils/html'
 
 describe('decodeHtmlEntities', () => {
   it.each([
@@ -26,3 +26,26 @@ describe('decodeHtmlEntities', () => {
     expect(decodeHtmlEntities('&unknown;')).toBe('&unknown;')
   })
 })
+
+describe('stripHtmlTags', () => {
+  it('removes simple HTML tags', () => {
+    expect(stripHtmlTags('<b>bold</b>')).toBe('bold')
+  })
+
+  it('removes anchor tags keeping text content', () => {
+    expect(stripHtmlTags('<a href="https://example.com">link</a>')).toBe('link')
+  })
+
+  it('removes self-closing tags', () => {
+    expect(stripHtmlTags('before<br/>after')).toBe('beforeafter')
+  })
+
+  it('leaves plain text unchanged', () => {
+    expect(stripHtmlTags('no tags here')).toBe('no tags here')
+  })
+
+  it('works with decodeHtmlEntities to clean descriptions', () => {
+    const raw = '&lt;a href=&quot;url&quot;&gt;link&lt;/a&gt; and text'
+    expect(stripHtmlTags(decodeHtmlEntities(raw))).toBe('link and text')
+  })
+})