aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBen Kelly <bk@ancilla.ca>2017-07-25 10:19:15 -0400
committerBen Kelly <btk@google.com>2017-07-25 10:19:15 -0400
commitbd13ad3dc80b60058d8071de176a2cb3a8cda06a (patch)
treebb791fbbf72962e6107bb732f0689e110ef9385c
parent0523eb9ca47b0d472f2981c700461ed78c576bff (diff)
downloadwee-slack-bd13ad3dc80b60058d8071de176a2cb3a8cda06a.tar.gz
Properly escape <&> when sending messages to Slack.
Signed-off-by: Ben Kelly <bk@ancilla.ca> Signed-off-by: Ben Kelly <btk@google.com>
-rw-r--r--wee_slack.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/wee_slack.py b/wee_slack.py
index 0da53f0..b974fea 100644
--- a/wee_slack.py
+++ b/wee_slack.py
@@ -2520,9 +2520,16 @@ def linkify_text(message, team, channel):
usernames = team.get_username_map()
channels = team.get_channel_map()
message = (message
+ # Replace IRC formatting chars with Slack formatting chars.
.replace('\x02', '*')
.replace('\x1D', '_')
.replace('\x1F', config.map_underline_to)
+ # Escape chars that have special meaning to Slack. Note that we do not
+ # (and should not) perform a full URL escaping here.
+ # See https://api.slack.com/docs/message-formatting for details.
+ .replace('<', '&lt')
+ .replace('>', '&gt')
+ .replace('&', '&amp')
.split(' '))
for item in enumerate(message):
targets = re.match('^\s*([@#])([\w.-]+[\w. -])(\W*)', item[1])