Description
formatMessage in packages/slack/src/message.ts has a regex that converts bare Slack user/workspace IDs (starting with U or W followed by 8+ uppercase alphanumeric chars) into <@...> mention syntax. However, this regex also matches regular uppercase strings that happen to start with W or U, such as environment variable names.
Example
The string:
CODER_WORKSPACE_IS_PREBUILD_CLAIM=true
Gets transformed into:
CODER_<@WORKSPACE>_IS_PREBUILD_CLAIM=true
Which Slack then renders as a broken user mention.
Root cause
The regex on line 53:
/(^|[^A-Z0-9<@])((?:U|W)[A-Z0-9]{8,})(?![A-Z0-9>])/g
WORKSPACE matches because:
- It starts with
W
ORKSPACE provides 8 uppercase alpha characters- The
_ that follows satisfies the negative lookahead (?![A-Z0-9>])
Two issues to fix
-
The regex is too broad: It matches any uppercase string starting with W or U that has 8+ chars, not just actual Slack IDs. Slack IDs are alphanumeric (mixed letters and digits like U02UD2WE3HA), while the false positives are typically pure-alpha strings. Tightening the pattern to require at least one digit would help.
-
No code-block awareness: The regex replacements in formatMessage operate on the entire message text without skipping content inside backtick code blocks or inline code spans. Content inside code blocks should not be subject to mention-wrapping.
Additionally, the section block's mrkdwn text object in tools.ts does not set verbatim: true, which means Slack may also apply its own auto-linking on top of the transformed text.
Created on behalf of @davo-canva
Description
formatMessageinpackages/slack/src/message.tshas a regex that converts bare Slack user/workspace IDs (starting withUorWfollowed by 8+ uppercase alphanumeric chars) into<@...>mention syntax. However, this regex also matches regular uppercase strings that happen to start withWorU, such as environment variable names.Example
The string:
Gets transformed into:
Which Slack then renders as a broken user mention.
Root cause
The regex on line 53:
WORKSPACEmatches because:WORKSPACEprovides 8 uppercase alpha characters_that follows satisfies the negative lookahead(?![A-Z0-9>])Two issues to fix
The regex is too broad: It matches any uppercase string starting with
WorUthat has 8+ chars, not just actual Slack IDs. Slack IDs are alphanumeric (mixed letters and digits likeU02UD2WE3HA), while the false positives are typically pure-alpha strings. Tightening the pattern to require at least one digit would help.No code-block awareness: The regex replacements in
formatMessageoperate on the entire message text without skipping content inside backtick code blocks or inline code spans. Content inside code blocks should not be subject to mention-wrapping.Additionally, the
sectionblock'smrkdwntext object intools.tsdoes not setverbatim: true, which means Slack may also apply its own auto-linking on top of the transformed text.Created on behalf of @davo-canva