diff --git a/.github/workflows/notifications.yml b/.github/workflows/notifications.yml
index e2f63187b..447d969a9 100644
--- a/.github/workflows/notifications.yml
+++ b/.github/workflows/notifications.yml
@@ -13,6 +13,43 @@ jobs:
 runs-on: ubuntu-latest
 steps:
+ - uses: actions/github-script@v7
+ id: sanitize-title
+ with:
+ script: |
+ const isPR = !!context.payload.pull_request;
+ const isIssue = !!context.payload.issue;
+ const item = isPR ? context.payload.pull_request : isIssue ? context.payload.issue : context.payload.issue_comment.issue;
+
+ // Sanitization functions
+ const sanitizeTitle = (title) => {
+ return title
+ // Remove potential markdown formatting
+ .replace(/[*_~`]/g, '')
+ // Remove potential HTML tags
+ .replace(/<[^>]*>/g, '')
+ // Remove multiple spaces
+ .replace(/\s{2,}/g, ' ')
+ // Trim whitespace
+ .trim()
+ // Enforce max length of 100
+ .substring(0, 100);
+ };
+
+ // Escape special characters for Slack
+ const escapeForSlack = (text) => {
+ return text
+ .replace(/&/g, '&')
+ .replace(//g, '>')
+ .replace(/&lt;/g, '<')
+ .replace(/&gt;/g, '>');
+ };
+
+ const sanitizedTitle = escapeForSlack(sanitizeTitle(item.title));
+ console.log('Sanitized Title: ', sanitizedTitle);
+ core.setOutput('safe-title', sanitizedTitle);
 - name: Send notifications on Pull Request
 if: ${{ github.event_name == 'pull_request'}}
 id: slack_PR
@@ -23,7 +60,7 @@ jobs:
 "Notification Type": "Pull Request",
 "Notification URL":"${{ github.event.pull_request.html_url }}",
 "GitHub Repo": "${{ github.repository }}",
- "Notification Title": "${{ github.event.pull_request.title }}"
+ "Notification Title": "${{ steps.sanitize-title.outputs.safe-title }}"
 }
 env:
 SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
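Review bot: The sanitized title is still spliced into a JSON string by `"Notification Title": "${{ steps.sanitize-title.outputs.safe-title }}"` (in this file's Pull Request payload hunk and likewise in the Issue and Issue-comment hunks that follow), and nothing in `sanitizeTitle` removes or escapes `"`, `\` or control characters, so a title containing a double quote still terminates the JSON string value and changes the shape of the payload sent to the webhook. Either add `.replace(/["\\\u0000-\u001f]/g, '')` to the `sanitizeTitle` chain or emit an already-escaped value with `core.setOutput('safe-title', JSON.stringify(sanitizedTitle).slice(1, -1));`, and keep the expression interpolation as the only consumer of that output. As rendered here, `escapeForSlack` ends with `.replace(/&lt;/g, '<').replace(/&gt;/g, '>')`, which maps any HTML-escaped angle brackets back into raw `<`/`>` and so undoes the escaping the function is named for; if the real file matches this, drop those two trailing calls so the Slack-side escaping survives (the earlier replace lines look garbled in this rendering, so I have not judged them). The third branch of `item` reads `context.payload.issue_comment.issue`, but as far as I know an issue_comment event carries `issue` and `comment` at the top level, so that branch would only run for an event with neither field and then throw on `item.title` and fail the whole job; guard it with `if (!item?.title) { core.setFailed('no title in event payload'); return; }` before the sanitizer runs.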
@@ -37,7 +74,7 @@ jobs:
 "Notification Type": "Issue",
 "Notification URL":"${{ github.event.issue.html_url }}",
 "GitHub Repo": "${{ github.repository }}",
- "Notification Title": "${{ github.event.issue.title }}"
+ "Notification Title": "${{ steps.sanitize-title.outputs.safe-title }}"
 }
 env:
 SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
@@ -51,7 +88,7 @@ jobs:
 "Notification Type": "Issue comment",
 "Notification URL":"${{ github.event.comment.html_url }}",
 "GitHub Repo": "${{ github.repository }}",
- "Notification Title": "${{ github.event.issue_comment.issue.title }}"
+ "Notification Title": "${{ steps.sanitize-title.outputs.safe-title }}"
 }
 env:
 SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/dist/index.js b/dist/index.js
index 0bfd5fdb4..6c9c79dbd 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -78456,6 +78456,14 @@ const { isUint8Array, isArrayBuffer } = __nccwpck_require__(98253) const { File: UndiciFile } = __nccwpck_require__(63041) const { parseMIMEType, serializeAMimeType } = __nccwpck_require__(94322) +let random +try { + const crypto = __nccwpck_require__(77598) + random = (max) => crypto.randomInt(0, max) +} catch { + random = (max) => Math.floor(Math.random(max)) +} + + let ReadableStream = globalThis.ReadableStream /** @type {globalThis['File']} */
@@ -78541,7 +78549,7 @@ function extractBody (object, keepalive = false) { // Set source to a copy of the bytes held by object. source = new Uint8Array(object.buffer.slice(object.byteOffset, object.byteOffset + object.byteLength)) } else if (util.isFormDataLike(object)) { - const boundary = `----formdata-undici-0${`${Math.floor(Math.random() * 1e11)}`.padStart(11, '0')}` + const boundary = `----formdata-undici-0${`${random(1e11)}`.padStart(11, '0')}` const prefix = `--${boundary}\r\nContent-Disposition: form-data` /*! formdata-polyfill. MIT License. Jimmy Wärting */
@@ -93357,6 +93365,14 @@ module.exports = require("node:buffer"); /***/ }), +/***/ 77598: +/***/ ((module) => { + +"use strict"; +module.exports = require("node:crypto"); + +/***/ }), + /***/ 78474: /***/ ((module) => {