Merge pull request #242 from MoC-OSS/feature/UABOT-89_fix_message_saving

[Fix] [UABOT-89] Add message escaping to fix < and >
MoC-OSS · Dec 5, 2022 · 0cc5ddb · 0cc5ddb
2 parents 565c0fe + e1fa049
commit 0cc5ddb
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 9 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -48,6 +48,7 @@
     "contains-emoji": "^1.1.4",
     "cyrillic-to-translit-js": "^3.2.1",
     "diff": "^5.1.0",
+    "escape-html": "^1.0.3",
     "eventsource": "^2.0.2",
     "express": "^4.18.2",
     "fuse.js": "^6.6.2",
@@ -76,6 +77,7 @@
   "devDependencies": {
     "@commitlint/config-conventional": "^17.1.0",
     "@swc/jest": "^0.2.23",
+    "@types/escape-html": "^1.0.2",
     "@types/eventsource": "^1.1.10",
     "@types/express": "^4.17.14",
     "@types/jest": "^29.2.0",

diff --git a/src/bot/listeners/on-text.listener.ts b/src/bot/listeners/on-text.listener.ts
@@ -1,3 +1,4 @@
+import escapeHTML from 'escape-html';
 import type { Bot, NextFunction } from 'grammy';
 import { InputFile } from 'grammy';
 
@@ -138,9 +139,9 @@ export class OnTextListener {
                     this.bot.api
                       .sendMessage(
                         logsChat,
-                        `Cannot delete the following message from chat\n\n<code>${telegramUtil.getChatTitle(context.chat)}</code>\n${
-                          context.msg?.text || ''
-                        }`,
+                        `Cannot delete the following message from chat\n\n<code>${telegramUtil.getChatTitle(
+                          context.chat,
+                        )}</code>\n${escapeHTML(context.msg?.text || '')}`,
                         {
                           parse_mode: 'HTML',
                         },

diff --git a/src/bot/middleware/delete-swindlers.middleware.ts b/src/bot/middleware/delete-swindlers.middleware.ts
@@ -1,4 +1,5 @@
 import axios from 'axios';
+import escapeHTML from 'escape-html';
 import type { Bot } from 'grammy';
 import { InputFile } from 'grammy';
 import type { GrammyContext, GrammyMiddleware, SwindlerResponseBody, SwindlersResult, SwindlerType } from 'types';
@@ -86,7 +87,7 @@ export class DeleteSwindlersMiddleware {
       logsChat,
       `Looks like swindler's message (${(maxChance * 100).toFixed(2)}%) from <code>${from}</code> by user ${userMention}:\n\n${
         chatMention || userMention
-      }\n${text}`,
+      }\n${escapeHTML(text)}`,
       {
         parse_mode: 'HTML',
       },
@@ -137,9 +138,9 @@ export class DeleteSwindlersMiddleware {
             context.api
               .sendMessage(
                 logsChat,
-                `Cannot delete the following message from chat\n\n<code>${telegramUtil.getChatTitle(context.chat)}</code>\n${
-                  context.msg?.text || ''
-                }`,
+                `Cannot delete the following message from chat\n\n<code>${telegramUtil.getChatTitle(context.chat)}</code>\n${escapeHTML(
+                  context.msg?.text || '',
+                )}`,
                 {
                   parse_mode: 'HTML',
                 },

diff --git a/src/services/url.service.test.ts b/src/services/url.service.test.ts
@@ -13,12 +13,12 @@ describe('UrlService', () => {
     });
 
     it('should parse urls without special symbols at the end', () => {
-      const text = `test https://url.com/, test url.com. http://24.site/?order=946,`;
+      const text = `test https://url.com/, test url.com. http://24.site/?order=946, http://24privat.site/?order=94696970126<`;
       const result = urlService.parseUrls(text);
 
       console.info(text);
 
-      expect(result).toEqual(['https://url.com', 'http://24.site/?order=946']);
+      expect(result).toEqual(['https://url.com', 'http://24.site/?order=946', 'http://24privat.site/?order=94696970126']);
     });
 
     it('should not parse invalid urls', () => {