[HOLD for payment 2023-06-01] [$1000] http://localhost is not treated as a link

[kavimuru]

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

---

Action Performed:

1. Go to any chat
2. Enter http://localhost:3000/

Expected Result:

Treat anything starts with https?:// as a valid link.

Actual Result:

Message remains as text

Workaround:

Can the user still use Expensify without this being fixed? Have you informed them of the workaround?

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android / native
• Android / Chrome
• iOS / native
• iOS / Safari
• MacOS / Chrome / Safari
• MacOS / Desktop

Version Number: v1.3.4-0
Reproducible in staging?: y
Reproducible in production?: y
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Notes/Photos/Videos: Any additional supporting documentation

Expensify/Expensify Issue URL:
Issue reported by: @allroundexperts
Slack conversation: https://expensify.slack.com/archives/C049HHMV9SM/p1682094889963549

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~0145e4cee523573d2e
• Upwork Job ID: 1653500666599301120
• Last Price Increase: 2023-05-09

[MelvinBot]

Triggered auto assignment to @miljakljajic (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[MelvinBot]

Bug0 Triage Checklist (Main S/O)

• This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
• This bug is not a duplicate report (check E/App issues and #expensify-bugs)
  • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
• This bug is reproducible using the reproduction steps in the OP. S/O
  • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
  • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
• This issue is filled out as thoroughly and clearly as possible
  • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
• I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

[miljakljajic]

Discussed here, working on this. https://expensify.slack.com/archives/C01SKUP7QR0/p1682442917120829

[MelvinBot]

@miljakljajic 6 days overdue. This is scarier than being forced to listen to Vogon poetry!

[MelvinBot]

@miljakljajic Still overdue 6 days?! Let's take care of this!

[MelvinBot]

Job added to Upwork: https://www.upwork.com/jobs/~0145e4cee523573d2e

[MelvinBot]

Current assignee @miljakljajic is eligible for the External assigner, not assigning anyone new.

[MelvinBot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @Santhosh-Sellavel (External)

[MelvinBot]

Triggered auto assignment to @mountiny (External), see https://stackoverflow.com/c/expensify/questions/7972 for more details.

[miljakljajic]

Approved as an external job & added to Upwork

[allroundexperts]

@miljakljajic @mountiny @Santhosh-Sellavel What's the expected behaviour here? Is it just the localhost text that we want to treat as link? If we consider Slack as an example, it treats anything starts with https?:// as a valid link. I think this makes sense because on local, we can create any alias of a ip ie http://localhost, http://my-cool-app:3000 are all valid local urls.
I guess it makes sense to get more opinions on this in the open-source channel?

I'm proposing a solution for the case where we want to cater for all local urls.

Proposal

Please re-state the problem that we are trying to solve in this issue.

local urls are not being recognised

What is the root cause of that problem?

The root cause is that we're using a URL validation regex that does not allow a local url. This can be seen here.

What changes do you think we should make in order to solve the problem?

In my opinion, we should have two regex.

1. The current regex which allows for strict URL matching. This does not allow local urls. This would be used when we want to validate user specific information such as user's website etc. In our code, this can be continued to be used here.

2. Regex which allows for loose validation. This will consider any text that starts with https:// as valid url. We can use this inside of our chat.
   Example of a loose URL validation regex:

const STRICT_URL_WEBSITE_REGEX = `((?:www\\.)?[a-z0-9](?:[-a-z0-9]*[a-z0-9])?\\.)+(?:${TLD_REGEX})(?:\\:${ALLOWED_PORTS}|\\b|(?=_))`;
const LOOSE_URL_WEBSITE_REGEX = `${URL_PROTOCOL_REGEX}([\-\w]+(\.[\-\w]+)*)(?:\\:${ALLOWED_PORTS}|\\b|(?=_))`;
const LOOSE_URL_REGEX = `(${LOOSE_URL_WEBSITE_REGEX}${URL_PATH_REGEX}(?:${URL_PARAM_REGEX}|${URL_FRAGMENT_REGEX})*)`;

To use it in our chat, we'll have to first use LOOSE_URL_REGEX and if it does not match (ie the text does not contain https?), then we can test against STRICT_URL_WEBSITE_REGEX in this file.

What alternative solutions did you explore? (Optional)

None

[allroundexperts]

Btw, I just noticed that Github actually treats local urls like Slack as well. Local URLs in my above comments are auto linked!

[mountiny]

@allroundexperts agree with you, I have updated the expected results

[mountiny]

@Santhosh-Sellavel what do you think of @allroundexperts proposal?

[melvin-bot]

@miljakljajic @mountiny @Santhosh-Sellavel this issue was created 2 weeks ago. Are we close to approving a proposal? If not, what's blocking us from getting this issue assigned? Don't hesitate to create a thread in #expensify-open-source to align faster in real time. Thanks!

[Santhosh-Sellavel]

@allroundexperts
We don't need to update anything here

App/src/libs/ValidationUtils.js

Line 253 in a26cbfe

function isValidWebsite(url) {

Just supporting the markdown should be enough. We should consider http:// as well, I like the idea and would continue testing on PR, thanks!

Any thoughts @mountiny

[miljakljajic]

Contracts extended to @allroundexperts and @Santhosh-Sellavel. I'll be out when it's time to pay, review regression tests and close this out @puneetlath so I'll leave it to you from here!

[Santhosh-Sellavel]

@allroundexperts is App PR ready?

[allroundexperts]

@allroundexperts is App PR ready?

Will be in ~30 mins.

[allroundexperts]

@Santhosh-Sellavel #19302

[mountiny]

PR was merged to main

[melvin-bot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.3.17-5 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• Don't allow mention inside code block/fence and link #19333

If no regressions arise, payment will be issued on 2023-06-01. 🎊

After the hold period is over and BZ checklist items are completed, please complete any of the applicable payments for this issue, and check them off once done.

• External issue reporter @allroundexperts
• Contributor that fixed the issue @allroundexperts
• Contributor+ that helped on the issue and/or PR @Santhosh-Sellavel

As a reminder, here are the bonuses/penalties that should be applied for any External issue:

• Merged PR within 3 business days of assignment - 50% bonus
• Merged PR more than 9 business days after assignment - 50% penalty

[melvin-bot]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@allroundexperts / @Santhosh-Sellavel] The PR that introduced the bug has been identified. Link to the PR:
• [@allroundexperts / @Santhosh-Sellavel] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [@allroundexperts / @Santhosh-Sellavel] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
• [@allroundexperts / @Santhosh-Sellavel] Determine if we should create a regression test for this bug.
• [@allroundexperts / @Santhosh-Sellavel] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [@puneetlath / @miljakljajic] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

[Santhosh-Sellavel]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@allroundexperts / @Santhosh-Sellavel] The PR that introduced the bug has been identified. Link to the PR: It's not a bug, we added a support for this here.
• [@allroundexperts / @Santhosh-Sellavel] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment: N/A
• [@allroundexperts / @Santhosh-Sellavel] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion: N/A
• [@allroundexperts / @Santhosh-Sellavel] Determine if we should create a regression test for this bug. N/A
• [@allroundexperts / @Santhosh-Sellavel] If we decide to create a regression test for the bug, please propose the [regression test] (https://github.com/Expensify/App/blob/main/contributingGuides/REGRESSION_TEST_BEST_PRACTICES.md) steps to ensure the same bug will not reach production again. N/A
• [@puneetlath / @miljakljajic] Link the GH issue for creating/updating the regression test once above steps have been agreed upon: N/A

[puneetlath]

@allroundexperts has been paid. @Santhosh-Sellavel sent you a contract: https://www.upwork.com/nx/wm/offer/24847544

[Santhosh-Sellavel]

We won't need seperate regression tests here, need to update test cases for markdown URLs to include localhost too if not already.

cc: @mountiny @puneetlath

[puneetlath]

@Santhosh-Sellavel are you referring to manual tests or automated tests? Do we do manual testing for our various markdown rules? I would assume this can be covered by automated tests.

[Santhosh-Sellavel]

@puneetlath
Was referring to manual tests, Automated (unit) tests in E-Common already covers these cases

Do we do manual testing for our various markdown rules?

I'm not sure whether we do that, if we do then need to update that, if not we are good here.

[puneetlath]

Got it! Can you check in testrail to see if we currently do?

[Santhosh-Sellavel]

@puneetlath here it is https://expensify.testrail.io/index.php?/cases/view/2458018

[puneetlath]

Got it. Hmmm. Feels like an edge-case scenario. I think automated testing is good enough for this. Thanks for the link.

Went ahead and paid, so we're all good here. Thanks everyone!