Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

company name has unwanted characters if the name has apostrophe or & in it #251

Open
naveentammineni opened this issue Dec 17, 2018 · 4 comments
Open

company name has unwanted characters if the name has apostrophe or & in it #251

naveentammineni opened this issue Dec 17, 2018 · 4 comments

Comments

@naveentammineni
Copy link

Version info

  • intercom-java version: 2.2.7
  • Java version: 1.8.0_121

Expected behavior

We have a user with company names that has special characters in their names e.g. apostrophe or ampersands.
Updating such companies causes their name to include tons of &amp then fail with message name too long

Actual behavior

Steps to reproduce

  1. Create a company with apostrophe or & in it and Update the company or create the company and set it to user and update it.
User intercomUser = User.find(params);
Company company = new Company();
company.setCompanyID(21443);
company.setName("Dave's Business");
intercomUser.addCompany(company);
User.update(intercomUser);```

## Logs
```io.intercom.api.ServerException: Server Error
at io.intercom.api.HttpClient.throwException(HttpClient.java:214)
at io.intercom.api.HttpClient.handleError(HttpClient.java:169)
at io.intercom.api.HttpClient.runRequest(HttpClient.java:155)
at io.intercom.api.HttpClient.executeHttpMethod(HttpClient.java:110)
at io.intercom.api.HttpClient.post(HttpClient.java:100)
at io.intercom.api.DataResource.update(DataResource.java:35)
at io.intercom.api.User.update(User.java:55)```
@martin-walsh
Copy link

Also affected by this bug when company name contains apostrophe character, which pretty common.

Version Info

intercom-java: 2.8.0

@martin-walsh
Copy link

Some more info on this bug.

Only responses contain the bad & and ' escapes.

Requests to User API for user & Company API for company do not result in the issue.

What does result in the issue, is attaching Companies to users as the char escape kicks in once a Company.find() call is made etc

@martin-walsh
Copy link

Issue appears to not be part of the Java SDK as responses using curl also contain escaped chars, but the UI does not

@martin-walsh
Copy link

martin-walsh commented Mar 27, 2019
edited
Loading

Heard back from intercom support.

Apparently, this is expected behaviour. See excerpt from https://developers.intercom.com/intercom-api-reference/v1.1/reference#encoding

HTML Encoding

It should be noted that the following identifiers are encoded to protect from potential cross-site scripting attacks: 'name', 'user_id', 'company_id' and 'email'. As a result you may see these identifiers in their encoded format when you retrieve them via the API.
Note that the characters we encode are double quote, single quote, ampersand, less than and greater than symbols i.e " ' & < >

In all responses back from Intercom: name, email, user_id and company_id are HTML encoded. So if you retrieve a Company and add it to a User, you must sanitise the name & email of each before updating

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@naveentammineni @martin-walsh