Updates to sanitise_message.

2025-02-21 19:20:07 +02:00 · 2021-01-30 16:20:13 +00:00 · 2021-01-30 16:20:13 +00:00 · 480f1dd888
commit 480f1dd888
parent 0430bfc64b
3 changed files with 60 additions and 19 deletions
--- a/features/report.lua
+++ b/features/report.lua
@ -149,37 +149,26 @@ Module.show_reports = function(player)
    draw_report(report_body, #reports)
 end

-local  sensitive_characters = { "\\", "*", "_", "~", "`", "|", ">" }
-
-local function sanitise_message(message)
-    for _, sensitive_character in pairs(sensitive_characters) do
-        message = string.gsub(message, sensitive_character, '\\'..sensitive_character)
-    end
-    message = string.gsub(message, '@', '@\\u200B')
-    return message
-end
-
 local function send_report_to_discord(reporting_player, reported_player, message)
    local server_id = Server.get_server_id()
    local server_name = Server.get_server_name()
-    local sanitised_message = sanitise_message(message)

    local text = {'**'}
    if reporting_player and reporting_player.valid then
-        text[#text + 1] = reporting_player.name
+        text[#text + 1] = Utils.sanitise_string_for_discord(reporting_player.name)
    else
        text[#text + 1] = '<script>'
    end

    text[#text + 1] = ' reported '
-    text[#text + 1] = reported_player.name
+    text[#text + 1] = Utils.sanitise_string_for_discord(reported_player.name)
    text[#text + 1] = '**\\n'

    if server_id ~= '' then
        text[#text + 1] = 'Server: s'
-        text[#text + 1] = server_id
+        text[#text + 1] = Utils.sanitise_string_for_discord(server_id)
        text[#text + 1] = ' - '
-        text[#text + 1] = server_name
+        text[#text + 1] = Utils.sanitise_string_for_discord(server_name)
        text[#text + 1] = '\\n'
    end

@ -188,7 +177,7 @@ local function send_report_to_discord(reporting_player, reported_player, message
    text[#text + 1] = '\\nPlayer online time: '
    text[#text + 1] = Utils.format_time(reported_player.online_time)
    text[#text + 1] = '\\nMessage: '
-    text[#text + 1] = sanitised_message
+    text[#text + 1] = Utils.sanitise_string_for_discord(message)

    text = table.concat(text)

@ -236,13 +225,17 @@ local function send_jail_to_discord(target_player, player)
    local server_id = Server.get_server_id()
    local server_name = Server.get_server_name()

-    local text = {'**'..player.name, ' has jailed ', target_player.name,'**\\n'}
+    local text = {'**'}
+    text[#text+ 1] = Utils.sanitise_string_for_discord(player.name)
+    text[#text+ 1] = ' has jailed '
+    text[#text+ 1] = Utils.sanitise_string_for_discord(target_player.name)
+    text[#text+ 1] = '**\\n'

    if server_id ~= '' then
        text[#text + 1] = 'Server: s'
-        text[#text + 1] = server_id
+        text[#text + 1] = Utils.sanitise_string_for_discord(server_id)
        text[#text + 1] = ' - '
-        text[#text + 1] = server_name
+        text[#text + 1] = Utils.sanitise_string_for_discord(server_name)
        text[#text + 1] = '\\n'
    end

--- a/utils/core.lua
+++ b/utils/core.lua
@ -256,6 +256,29 @@ function Module.validate_player(player_ident)
    return player, player.name, player.index
 end

+local non_breaking_space = '' -- This is \u200B an invisible space charcater.
+local sensitive_characters_map = {
+    ['\\'] = '\\\\',
+    ['*'] = '\\*',
+    ['_'] = '\\_',
+    ['~'] = '\\~',
+    ['`'] = '\\`',
+    ['|'] = '\\|',
+    ['>'] = '\\>',
+    ['@'] = '@' .. non_breaking_space
+}
+
+--- Escapes markdown characters mentions. Intended to make it safe to send user input to discord.
+-- @param message <string>
+-- @return <string>
+function Module.sanitise_string_for_discord(message)
+    for character, replace in pairs(sensitive_characters_map) do
+        message = string.gsub(message, character, replace)
+    end
+
+    return message
+end
+
 -- add utility functions that exist in base factorio/util
 require 'util'

--- a/utils/core_tests.lua
+++ b/utils/core_tests.lua
@ -0,0 +1,25 @@
+local Declare = require 'utils.test.declare'
+local Assert = require 'utils.test.assert'
+local Core = require 'utils.core'
+
+local non_breaking_space = '' -- This is \u200B an invisible space charcater.
+
+Declare.module({'utils', 'Core'}, function()
+    Declare.module('sanitise_string_for_discord', function()
+        Declare.test('escapes markdown', function()
+            local actual = Core.sanitise_string_for_discord('**a**_b_~c~`d`|e|>f')
+            Assert.equal('\\*\\*a\\*\\*\\_b\\_\\~c\\~\\`d\\`\\|e\\|\\>f', actual)
+        end)
+
+        -- This test is making sure backslash '\' is escaped first, else there would be a different number of backslashes.
+        Declare.test('escapes backslash', function()
+            local actual = Core.sanitise_string_for_discord('\\*abc\\*')
+            Assert.equal('\\\\\\*abc\\\\\\*', actual)
+        end)
+
+        Declare.test('escapes mention', function()
+            local actual = Core.sanitise_string_for_discord('@grilledham')
+            Assert.equal('@' .. non_breaking_space .. 'grilledham', actual)
+        end)
+    end)
+end)