Add escaping of comment text in webhook default JSON template

umputun / remark42

comment engine

https://remark42.com

MIT License

4.77k stars 375 forks source link

Add escaping of comment text in webhook default JSON template #1792

Closed paskal closed 2 weeks ago

paskal commented 2 weeks ago

Resolves #1791.

davidchua commented 2 weeks ago

Thanks for this! Really appreciate the work in resolving #1791 so promptly! 🙇

Just wondering if moving the escape just prior to sending out the webhook might be better? Unless there is an instance where the user might not want to escape their string prior to sending it out as a webhook?

Pardon me if I'm missing any additional context.

https://github.com/umputun/remark42/blob/ff0efd6fd496e66dda6893caa67b71c6cfdb2d2e/backend/app/notify/webhook.go#L70-L74

paskal commented 2 weeks ago

The thing is you can send anything and not only JSON and escaping everything in JSON style might lead to unexpected consequences.