Skip to content

Commit

Permalink
Merge pull request #178 from KENNYSOFT/feature/escape-pr-title
Browse files Browse the repository at this point in the history 
fix(fields): escape Slack control characters in pullRequest title
  • Loading branch information
@8398a7
8398a7 authored Nov 22, 2021
2 parents 5c8520d + be41190 commit 512ca3b
Show file tree
Hide file tree
Showing 4 changed files with 10 additions and 5 deletions.
2 changes: 1 addition & 1 deletion __tests__/fixtures/repos.commits.get.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,4 +92,4 @@
"patch": "@@ -29,7 +29,7 @@\n....."
}
]
}
}
2 changes: 1 addition & 1 deletion __tests__/helper.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -181,7 +181,7 @@ export const pullRequest = (): Field => {
let value;
if (context.eventName.startsWith('pull_request')) {
value =
'<https://github.com/8398a7/action-slack/pull/123|Add pullRequest field #123>';
'<https://github.com/8398a7/action-slack/pull/123|Add pullRequest field &amp; escaping &lt;, &gt; #123>';
} else {
value = 'n/a';
}
Expand Down
4 changes: 2 additions & 2 deletions __tests__/pull_request.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ describe.each`
github.context.payload = {
pull_request: {
html_url: 'https://github.com/8398a7/action-slack/pull/123',
title: 'Add pullRequest field',
title: 'Add pullRequest field & escaping <, >',
number: 123,
head: { sha },
},
Expand All @@ -90,7 +90,7 @@ describe.each`
payload.attachments[0].color = 'good';
expect(await client.prepare(msg)).toStrictEqual(payload);
expect(process.env.AS_PULL_REQUEST).toStrictEqual(
'<https://github.com/8398a7/action-slack/pull/123|Add pullRequest field #123>',
'<https://github.com/8398a7/action-slack/pull/123|Add pullRequest field &amp; escaping &lt;, &gt; #123>',
);
});
});
7 changes: 6 additions & 1 deletion src/fields.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -199,7 +199,12 @@ export class FieldFactory {
private async pullRequest(): Promise<string> {
let value;
if (context.eventName.startsWith('pull_request')) {
value = `<${context.payload.pull_request?.html_url}|${context.payload.pull_request?.title} #${context.payload.pull_request?.number}>`;
value = `<${
context.payload.pull_request?.html_url
}|${context.payload.pull_request?.title
?.replace(/&/g, '&amp;')
?.replace(/</g, '&lt;')
?.replace(/>/g, '&gt;')} #${context.payload.pull_request?.number}>`;
} else {
value = 'n/a';
}
Expand Down

0 comments on commit 512ca3b

Please sign in to comment.