Allow heading tags (h1-h6) in ContentSanitizer so news editor headings render

tests/Feature/Studio/StudioArtworkAiAssistApiTest.php

@@ -644,6 +644,29 @@ it('applies ai suggestions to artwork fields and tracks ai sources', function ()
         ->toBeTrue();
 });
 
+it('rejects raw html when ai assist applies artwork descriptions', function (): void {
+    $user = User::factory()->create();
+    $artwork = Artwork::factory()->create([
+        'user_id' => $user->id,
+        'description' => 'Original description.',
+    ]);
+
+    ArtworkAiAssist::query()->create([
+        'artwork_id' => $artwork->id,
+        'status' => ArtworkAiAssist::STATUS_READY,
+    ]);
+
+    actingAs($user);
+
+    postJson('/api/studio/artworks/' . $artwork->id . '/ai/apply', [
+        'description' => '<img src="https://spam.example/test.jpg" alt="">',
+    ])
+        ->assertStatus(422)
+        ->assertJsonValidationErrors(['description']);
+
+    expect($artwork->fresh()->description)->toBe('Original description.');
+});
+
 it('applies ai content type suggestions by resolving a default category', function (): void {
     $photography = ContentType::query()->create([
         'name' => 'Photography',