Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Webhook Sending Functions Seem to Use the Regular JSON Encoder Which Escapes HTML Characters Unnecessarily #1252

Open
zoominGiladSher opened this issue Jan 11, 2024 · 1 comment
Open

Webhook Sending Functions Seem to Use the Regular JSON Encoder Which Escapes HTML Characters Unnecessarily #1252

zoominGiladSher opened this issue Jan 11, 2024 · 1 comment

Comments

@zoominGiladSher
Copy link

What happened

While working on a Github action to send a release note to a Slack channel I saw that using the PostWebhook function causes the message to have weird characters in Slack due to the HTML escaping. For example, an apostrophe is converted to '.

Expected behavior

JSON marshaller only encodes the relevant characters as defined in the Slack documentation

Steps to reproduce

Send a webhook with an apostrophe in the body of the request. See that the resulting message has an HTML escaped symbol.

reproducible code

package main

import (
	"github.com/slack-go/slack"
)

func main() {
    blocks = new(slack.Blocks)
    blocks.BlockSet = append(blocks.BlockSet, slack.NewSectionBlock(slack.NewTextBlockObject("mrkdwn", "'test' What's up", false, false), nil, nil))
    _ := slack.PostWebhook("<WebhookURL>", &slack.WebhookMessage{Blocks: blocks})
}

manifest.yaml

Not sure what this is?

Versions

  • Go: go version go1.21.5 darwin/arm64
  • slack-go/slack: v0.12.3
@zoominGiladSher
Copy link
Author

zoominGiladSher commented Jan 11, 2024
edited
Loading

Extra context: I saw this in

slack/webhooks.go

Lines 41 to 63 in e715221

func PostWebhookCustomHTTPContext(ctx context.Context, url string, httpClient *http.Client, msg *WebhookMessage) error {
raw, err := json.Marshal(msg)
if err != nil {
return fmt.Errorf("marshal failed: %w", err)
}
req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(raw))
if err != nil {
return fmt.Errorf("failed new request: %w", err)
}
req.Header.Set("Content-Type", "application/json")
resp, err := httpClient.Do(req)
if err != nil {
return fmt.Errorf("failed to post webhook: %w", err)
}
defer func() {
io.Copy(ioutil.Discard, resp.Body)
resp.Body.Close()
}()
return checkStatusCode(resp, discard{})
}
and see that there's no use of the EscapeMessage function mentioned in

slack/slackutilsx/slackutilsx.go

Lines 53 to 59 in e715221

// initialize replacer only once (if needed)
var escapeReplacer = strings.NewReplacer("&", "&amp;", "<", "&lt;", ">", "&gt;")
// EscapeMessage text
func EscapeMessage(message string) string {
return escapeReplacer.Replace(message)
}

Not sure if this is the solution, but this is what I saw from a very shallow look at things. Please let me know if I can help in any way or if you'd like me to try and tackle this myself!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@zoominGiladSher