[HOLD for payment 2024-01-24] [$500] Special characters not correctly escaped in system messages

[m-natarajan]

If you haven’t already, check out our contributing guidelines for onboarding and email [email protected] to request to join our Slack channel!

---

Version Number: 1.4.22-0
Reproducible in staging?: yes
Reproducible in production?: yes
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Expensify/Expensify Issue URL:
Issue reported by: @roryabraham
Slack conversation: https://expensify.slack.com/archives/C049HHMV9SM/p1704393581910299

Action Performed:

1. In OldDot, create Collect plan, set as default
2. Set isPolicyExpenseChatEnabled = "true" on the policy by:
   1. Opening the policy settings in OldDot
   2. Open the JS console and run the following commands
   3. p = Policy.getCurrent();
   4. p.policy.isPolicyExpenseChatEnabled = "true";
   5. p.save();
3. In OldDot, create report on ^ policy & add an expense
4. In OldDot, submit the report (to yourself) & approve it
5. Open the report in NewDot, in another tab or device. Make sure that you have the expense report open and the reportID in the url matches. Make sure you can see both OldDot and NewDot at the same time.
6. In OldDot, mark the report as reimbursed (Reimburse -> I'll do it manually). Important: Leave a message when you're reimbursing the report saying "I'm manually reimbursing this report"

Expected Result:

In the NewDot tab, you should immediately see the new report action text, which should be You marked this report as manually reimbursed, saying "I'm marking this as manually reimbursed for testing". This report will be reimbursed outside of Expensify

Actual Result:

In the NewDot tab, you immediately see the new report action text, but it says:
You marked this report as manually reimbursed. This report will be reimbursed outside of Expensify, saying I'm marking this as manually reimbursed for testing

Workaround:

unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android: Native
• Android: mWeb Chrome
• iOS: Native
• iOS: mWeb Safari
• MacOS: Chrome / Safari
• MacOS: Desktop

Screenshots/Videos

Add any screenshot/video evidence

Recording.2641.mp4

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~0189452e8b1cef5839
• Upwork Job ID: 1743086166231134208
• Last Price Increase: 2024-01-05
• Automatic offers:
• cubuspl42 | Reviewer | 28082747
• tienifr | Contributor | 28082748

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~0189452e8b1cef5839

[melvin-bot]

Triggered auto assignment to @NicMendonca (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[melvin-bot]

Bug0 Triage Checklist (Main S/O)

• This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
• This bug is not a duplicate report (check E/App issues and #expensify-bugs)
  • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
• This bug is reproducible using the reproduction steps in the OP. S/O
  • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
  • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
• This issue is filled out as thoroughly and clearly as possible
  • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
• I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

[melvin-bot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @cubuspl42 (External)

[tienifr]

Proposal

Please re-state the problem that we are trying to solve in this issue.

In the NewDot tab, you immediately see the new report action text, but it says:
You marked this report as manually reimbursed. This report will be reimbursed outside of Expensify, saying I'm marking this as manually reimbursed for testing

What is the root cause of that problem?

The system message from back-end is html-encoded, but we're not htmlDecode the system message in front-end side, so it still shows as is in front-end.

What changes do you think we should make in order to solve the problem?

htmlDecode the system message in front-end side.

There's the Str.htmlDecode already made for it.

We can do that for example inside here (so it applies to all basic message)

App/src/pages/home/report/ReportActionItemBasicMessage.tsx

Line 15 in 095161a

<Text style={[styles.chatItemMessage, styles.colorMuted]}>{message}</Text>

or when getting marked reimburse message here (if we only want it for the marked reimburse message)

App/src/libs/ReportActionsUtils.ts

Line 775 in 095161a

return reportAction?.message?.map((element) => element.text).join('') ?? '';

What alternative solutions did you explore? (Optional)

NA

[melvin-bot]

📣 @cubuspl42 🎉 An offer has been automatically sent to your Upwork account for the Reviewer role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job

[melvin-bot]

📣 @tienifr 🎉 An offer has been automatically sent to your Upwork account for the Contributor role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job
Please accept the offer and leave a comment on the Github issue letting us know when we can expect a PR to be ready for review 🧑‍💻
Keep in mind: Code of Conduct | Contributing 📖

[roryabraham]

@tienifr LGTM, let's apply it in ReportActionItemBasicMessage.tsx as you've suggested

[cubuspl42]

Great, we're waiting for the PR 👍

[tienifr]

PR ready for review #34081.

[melvin-bot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.4.25-10 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• Escape special characters in MARKEDREIMBURSED message #34081

If no regressions arise, payment will be issued on 2024-01-24. 🎊

For reference, here are some details about the assignees on this issue:

• @cubuspl42 requires payment automatic offer (Reviewer)
• @tienifr requires payment automatic offer (Contributor)

[melvin-bot]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@cubuspl42] The PR that introduced the bug has been identified. Link to the PR:
• [@cubuspl42] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [@cubuspl42] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
• [@cubuspl42] Determine if we should create a regression test for this bug.
• [@cubuspl42] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [@NicMendonca] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

[cubuspl42]

• The PR that introduced the bug has been identified. Link to the PR:
  • It seems that the bug was present in the relevant components since they were created
• The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
  • N/A
• A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
  • No need for additional discussion
• Determine if we should create a regression test for this bug.
  • No need for a regression test
• If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
  • N/A

[NicMendonca]

@tienifr @cubuspl42 - you've both been paid!