
Commit e794a2d

committed
fix(issues): strip invisible characters from add_issue_comment body
Filter BiDi and other invisible Unicode control characters from issue comment bodies before posting to GitHub. These characters can render as visible separators and break @mentions such as @dependabot rebase. Fixes #2714
1 parent 8cd03c0 commit e794a2d

2 files changed

Lines changed: 19 additions & 0 deletions


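--- a/pkg/github/issues.go
+++ b/pkg/github/issues.go
@@ -1243,6 +1243,10 @@ func AddIssueComment(t translations.TranslationHelperFunc) inventory.ServerTool
 
 var commentResponse *MinimalResponse
 if hasBody {
+body = sanitize.FilterInvisibleCharacters(body)
+if body == "" {
+return utils.NewToolResultError("body cannot be empty after removing invisible characters"), nil, nil
+}
 comment := &github.IssueComment{
 Body: github.Ptr(body),
 }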
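Review bot: The new guard `if body == ""` only catches a body made up entirely of filtered characters; a body of whitespace plus invisible characters still reaches `github.Ptr(body)` and goes out as an effectively blank comment. Consider `if strings.TrimSpace(body) == ""` here, provided `strings` is already imported in this file, which the hunk does not show. The filter also rewrites the caller's text without reporting it, so a why-comment above the call would help the next reader, for example `// Strip BiDi and other invisible control characters so @mentions resolve and the posted text matches what a reviewer sees.` AddIssueComment starts and ends outside this hunk, so how `hasBody` is derived is not visible from here.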

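--- a/pkg/github/issues_test.go
+++ b/pkg/github/issues_test.go
@@ -4154,6 +4154,21 @@ func TestAddIssueComment(t *testing.T) {
 "body": "This is a comment",
 },
 },
+{
+name: "strips invisible characters from comment body before posting",
+mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
+PostReposIssuesCommentsByOwnerByRepoByIssueNumber: expect(t, expectations{
+path: "/repos/owner/repo/issues/42/comments",
+requestBody: map[string]any{"body": "@dependabot rebase"},
+}).andThen(mockResponse(t, http.StatusCreated, mockComment)),
+}),
+requestArgs: map[string]any{
+"owner": "owner",
+"repo": "repo",
+"issue_number": float64(42),
+"body": "\u2068@\u2069\u2068d\u2069ependabot rebase",
+},
+},
 {
 name: "successful reaction to issue",
 mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{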
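Review bot: The added table entry exercises only the successful strip path; nothing covers the new early return in AddIssueComment when the body consists solely of filtered characters. Add a second entry whose `"body"` is only invisible characters, e.g. `"\u2068\u2069"` (constructed from the code points already used in this case), and assert that the result is the tool error `body cannot be empty after removing invisible characters` and that no POST is issued. The table's error-expectation fields are outside this hunk, so reuse whatever the neighbouring failure cases use. Because only U+2068 and U+2069 are tested, one further case with a different class of character that sanitize.FilterInvisibleCharacters is meant to remove would pin the broader coverage the commit message describes.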
