Wiilf
commented
3 years ago We dont need to worry about this with our reggex (PHP). If you handle the next char, spaces and in-between, you can parse past JS and handle it script-side.
Like we do:
// Match found pings if (preg_match('/@[\w-]+/', $row['content'], $matches)) { $lookup = $db->query_params('SELECT username, user_id FROM users WHERE username = :username', ['username' => str_replace('@', '', $matches[0])]); foreach ($lookup as $ping) { $data['pings'] = [$ping['user_id'] => $ping['username']]; } } else { $data['pings'] = []; }
The highlightPing() function uses the user's name directly as a regex when replacing the text with the tag button. This breaks if the user's name contains any regex special characters, e.g. "John Vert (me!)"
quick & simple fix is to change highlightPing to escape the username
html = html.replace(new RegExp(pingText.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'), 'g'), __createTag(pingText, userId));