Open adamrothman opened 7 years ago
Only clients – not users – should be able to create message entity tags (variables and/or mentions for attachments, channels, identities). Additionally, a user might actually want to send the string "<!all>" in a channel.
other.js should escape angle brackets <, >. Maybe also the ampersand &? Slack escapes all three of these: https://api.slack.com/docs/message-formatting#how_to_escape_characters.
<
>
&
Only clients – not users – should be able to create message entity tags (variables and/or mentions for attachments, channels, identities). Additionally, a user might actually want to send the string "<!all>" in a channel.
other.js should escape angle brackets
<,>. Maybe also the ampersand&? Slack escapes all three of these: https://api.slack.com/docs/message-formatting#how_to_escape_characters.