diff options
author | Ben Kelly <bk@ancilla.ca> | 2017-07-25 10:19:15 -0400 |
---|---|---|
committer | Ben Kelly <btk@google.com> | 2017-07-25 10:19:15 -0400 |
commit | bd13ad3dc80b60058d8071de176a2cb3a8cda06a (patch) | |
tree | bb791fbbf72962e6107bb732f0689e110ef9385c | |
parent | 0523eb9ca47b0d472f2981c700461ed78c576bff (diff) | |
download | wee-slack-bd13ad3dc80b60058d8071de176a2cb3a8cda06a.tar.gz |
Properly escape <&> when sending messages to Slack.
Signed-off-by: Ben Kelly <bk@ancilla.ca>
Signed-off-by: Ben Kelly <btk@google.com>
-rw-r--r-- | wee_slack.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/wee_slack.py b/wee_slack.py index 0da53f0..b974fea 100644 --- a/wee_slack.py +++ b/wee_slack.py @@ -2520,9 +2520,16 @@ def linkify_text(message, team, channel): usernames = team.get_username_map() channels = team.get_channel_map() message = (message + # Replace IRC formatting chars with Slack formatting chars. .replace('\x02', '*') .replace('\x1D', '_') .replace('\x1F', config.map_underline_to) + # Escape chars that have special meaning to Slack. Note that we do not + # (and should not) perform a full URL escaping here. + # See https://api.slack.com/docs/message-formatting for details. + .replace('<', '<') + .replace('>', '>') + .replace('&', '&') .split(' ')) for item in enumerate(message): targets = re.match('^\s*([@#])([\w.-]+[\w. -])(\W*)', item[1]) |