Merge pull request #406 from ToxicFrog/toxicfrog/escape

Properly escape <&> when sending messages to Slack.
author: Ben Kelly <bk@ancilla.ca> 2017-07-26 11:34:43 -0400
committer: GitHub <noreply@github.com> 2017-07-26 11:34:43 -0400
commit: c5023198f4adb3e7dcc0111a6798ccfec115adc4 (patch)
tree: bb791fbbf72962e6107bb732f0689e110ef9385c
parent: 0523eb9ca47b0d472f2981c700461ed78c576bff (diff)
parent: bd13ad3dc80b60058d8071de176a2cb3a8cda06a (diff)
download: wee-slack-c5023198f4adb3e7dcc0111a6798ccfec115adc4.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/wee_slack.py b/wee_slack.py
index 0da53f0..b974fea 100644
--- a/wee_slack.py
+++ b/wee_slack.py
@@ -2520,9 +2520,16 @@ def linkify_text(message, team, channel):
     usernames = team.get_username_map()
     channels = team.get_channel_map()
     message = (message
+        # Replace IRC formatting chars with Slack formatting chars.
         .replace('\x02', '*')
         .replace('\x1D', '_')
         .replace('\x1F', config.map_underline_to)
+        # Escape chars that have special meaning to Slack. Note that we do not
+        # (and should not) perform a full URL escaping here.
+        # See https://api.slack.com/docs/message-formatting for details.
+        .replace('<', '&lt')
+        .replace('>', '&gt')
+        .replace('&', '&amp')
         .split(' '))
     for item in enumerate(message):
         targets = re.match('^\s*([@#])([\w.-]+[\w. -])(\W*)', item[1])
author	Ben Kelly <bk@ancilla.ca>	2017-07-26 11:34:43 -0400
committer	GitHub <noreply@github.com>	2017-07-26 11:34:43 -0400
commit	c5023198f4adb3e7dcc0111a6798ccfec115adc4 (patch)
tree	bb791fbbf72962e6107bb732f0689e110ef9385c
parent	0523eb9ca47b0d472f2981c700461ed78c576bff (diff)
parent	bd13ad3dc80b60058d8071de176a2cb3a8cda06a (diff)
download	wee-slack-c5023198f4adb3e7dcc0111a6798ccfec115adc4.tar.gz