Comment 6 for bug 266220

I'm not going to try to handle that one. The current code looks in the HTML for a match to the pattern constructed by

pattern = name + ':(\xA0|\s| )*' + re.escape(passwd)

which seems to work in most cases. I'm not sure how the above was created, but at a minimum, the text was colored dark grey. If I just create a simple, 'rich formatting' message in gmail, I don't see that. Even with colored text, I see only things like

<span style=3D"color: rgb(51, 51, 51);">Approved: password</span>

I suggest that your poster try creating the post using gmail's "plain text" composition if possible. This (at least in my tests) creates a simple text/plain message.

If the poster feels it is necessary to include whatever fonts, colors, etc. that cause the 'Approved: password' line to be split up into those multiple <span> segments, there's not much I can do.

I could try to detect a case where I can find the Approved: password text if I strip out all the HTML tags, but not if I don't, and refuse to approve the post in that case, but I'm not sure how that should work. Probably, I should reject the post entirely with some reason like "Unable to remove 'Approved: password' text from HTML part". Holding the post doesn't seem right because it could be manually approved which would expose the password.