Skip to content

Loading…

Escaped help messages 'broken' on non-html chats #343

Closed
nesQuick opened this Issue · 10 comments

2 participants

@nesQuick

Hey,

As said in Topic, the "new" escaped help messages will break in any evniroment which is non-html based, like jabber or shell adapter.

hubot who is <user> - see what roles a user has

This is what you'll get on the shell adapter using hubot help. At the moment the escaping is done in the help command itself. So my guess is that it would make more sense to do any sanitizing in the adapter itself. But I'm not sure if this might have side effects to other features.'

Love,

@technicalpickles
GitHub member
@nesQuick

Yeah but I would prefer a more general fix, b/c I guess almost all users who are using a non-html adapter will get this issue.

@nesQuick

fixed with #345

@nesQuick nesQuick closed this
@technicalpickles
GitHub member

Your original idea of having adapters escape or not is probably a more general fix, rather than having it in help.coffee. The biggest downside of it being there is that the only time you definitely get this updated file is starting a new hubot, or if you know enough to get updates from hubot.

@technicalpickles
GitHub member

Also, I may not have been clear, but campfire (ie a html based campfire) seems to be okay with unescaped output. I think it's because help does a paste, which is wrapped in <pre>

@nesQuick

So what was the reason to add this escaping.
Related question, why is it escaped this way DIY and not with a sanitizer?

Maybe we can just remove the escaping? It seems that it causes more confusion then it helps, or am I missing a big point?

@technicalpickles
GitHub member

Based on dc8ad3c, it looks like it was mistakenly added to the help command, rather than the HTTP endpoint.

Fixed this, but you'll need to copy the local copy down to get the update.

@nesQuick

But why does an "create [--create]" hubot not use the scripts from node_modules/hubot/src/scripts/* path?

@technicalpickles
GitHub member
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.