Handle entity escaping later in received messages. #161

Merged: 1 commit, Sep 27, 2016

jlaunonen
Contributor

  • Move entity decoding to be last replace operation to avoid limited
    value injection and denial of service.
  • Re-arrange entity decoding to avoid them chain-decoding: amp must be
    decoded last as ampersand is included in lt and gt matches.
  • Add test-cases for escaped messages.

@@ -282,6 +282,13 @@ describe('Bot', function () {
this.bot.parseText('<!somecommand> <!somecommand|readable>')
.should.equal('<somecommand> <readable>');
});
it('should handle entity-encoded messages from slack', function () {
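
Review bot: the added `it('should handle entity-encoded messages from slack', ...)` case has a generic title and only its first line is visible here, so it is not clear that it pins the two behaviours the description names. If it does not already, assert that a double-encoded input such as `&amp;lt;` comes out as `&lt;` rather than `<`, and that an escaped `&lt;!somecommand&gt;` comes out as literal text instead of being handled like the `<!somecommand>` in the test just above.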

Owner

woop, this should have a newline before it :D
would you mind adding an explicit assertion that makes sure this doesn't happen anymore as well?

Contributor Author

sure, i'll add newline. originally left that away to kinda tie that together with previous test.

@ekmartin
Owner

Thanks!

@ekmartin ekmartin merged commit 0038034 into ekmartin:master Sep 27, 2016
@ekmartin
Owner

Published in version 3.8.5 😄
