From 2c2c2c4f0cf9fe58d4c79860f630edb432fa26c1 Mon Sep 17 00:00:00 2001
From: Sean Sube <seansube@gmail.com>
Date: Sat, 29 Dec 2018 19:03:03 -0600
Subject: [PATCH] fix: escape outgoing messages in listener

---
 src/entity/Message.ts           | 8 --------
 src/listener/DiscordListener.ts | 5 +++--
 src/listener/SlackListener.ts   | 3 ++-
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/src/entity/Message.ts b/src/entity/Message.ts
index 49a9f4aab..bc1937e28 100644
--- a/src/entity/Message.ts
+++ b/src/entity/Message.ts
@@ -1,4 +1,3 @@
-import * as escape from 'escape-html';
 import { GraphQLInputObjectType, GraphQLList, GraphQLObjectType, GraphQLString } from 'graphql';
 import { Column, Entity, JoinColumn, OneToOne, PrimaryGeneratedColumn } from 'typeorm';
 
@@ -64,13 +63,6 @@ export class Message extends LabelEntity implements MessageOptions {
     }
   }
 
-  /**
-   * @TODO: move this to each listener
-   */
-  get escaped(): string {
-    return escape(this.body);
-  }
-
   public toJSON(): object {
     return {
       body: this.body,
diff --git a/src/listener/DiscordListener.ts b/src/listener/DiscordListener.ts
index 332b939ef..2c65688e0 100644
--- a/src/listener/DiscordListener.ts
+++ b/src/listener/DiscordListener.ts
@@ -9,6 +9,7 @@ import {
   TextChannel,
   User,
 } from 'discord.js';
+import * as escape from 'escape-html';
 import { isNil } from 'lodash';
 import * as emoji from 'node-emoji';
 import { Inject } from 'noicejs';
@@ -113,7 +114,7 @@ export class DiscordListener extends SessionListener<DiscordListenerData> implem
     }
 
     if (msg.body.length) {
-      await thread.reply(msg.body);
+      await thread.reply(escape(msg.body));
     }
 
     const reactions = this.filterEmoji(msg.reactions);
@@ -137,7 +138,7 @@ export class DiscordListener extends SessionListener<DiscordListenerData> implem
       return;
     }
 
-    await channel.send(msg.body);
+    await channel.send(escape(msg.body));
     return;
   }
 
diff --git a/src/listener/SlackListener.ts b/src/listener/SlackListener.ts
index 0636984cd..33fbbaa99 100644
--- a/src/listener/SlackListener.ts
+++ b/src/listener/SlackListener.ts
@@ -1,4 +1,5 @@
 import { RTMClient, WebClient } from '@slack/client';
+import * as escape from 'escape-html';
 import { isNil } from 'lodash';
 import { BaseError, Inject, logWithLevel } from 'noicejs';
 
@@ -30,7 +31,7 @@ export class SlackListener extends SessionListener<SlackListenerData> implements
 
   public async send(msg: Message): Promise<void> {
     if (msg.context.channel.id) {
-      const result = await this.client.sendMessage(msg.body, msg.context.channel.id);
+      const result = await this.client.sendMessage(escape(msg.body), msg.context.channel.id);
       if (result.error) {
         const err = new BaseError(result.error.msg);
         this.logger.error(err, 'error sending slack message');