[HOLD for payment 2024-04-05] [$500] When editing a message with &lt;div&gt;, it becomes <div>

[m-natarajan]

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

---

Version Number: 1.4.54-0
Reproducible in staging?: y
Reproducible in production?: y
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Expensify/Expensify Issue URL:
Issue reported by: @dukenv0307
Slack conversation: https://expensify.slack.com/archives/C049HHMV9SM/p1710750972703159

Action Performed:

1. Send a message <div>
2. Hover or long press on this message
3. Choose edit message

Expected Result:

The draft edit message remains as is

Actual Result:

The draft message suddenly becomes <div>

Workaround:

unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android: Native
• Android: mWeb Chrome
• iOS: Native
• iOS: mWeb Safari
• MacOS: Chrome / Safari
• MacOS: Desktop

Screenshots/Videos

Add any screenshot/video evidence

Recording.2862.mp4

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~010257a39eea7eb507
• Upwork Job ID: 1769863831107096576
• Last Price Increase: 2024-03-18
• Automatic offers:
• dukenv0307 | Contributor | 0
• tienifr | Contributor | 0

[melvin-bot]

Triggered auto assignment to @twisterdotcom (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[twisterdotcom]

Huh, I guess this happens for other HTML too. I'm also guessing a C+ will have a good idea where we might have encountered this before. I can't see anything though.

[twisterdotcom]

Actually asking in Slack first: https://expensify.slack.com/archives/C06BDSWLDPB/p1710802921152459

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~010257a39eea7eb507

[melvin-bot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @aimane-chnaif (External)

[elmedinhajdari]

Hello, the issue you're having is because the input is being encoded or escaped before being rendered in the UI. I used 'dangerouslySetInnerHTML' attribute fixing this issue or you can use a match&replace method to translate all the symbols needed like (this can be also done only if you use backquotes or you can use it for non-backquotes+backquotes too)

38539.mp4

Contributor details
Your Expensify account email: elmedin.hajdari@outlook.com
Upwork Profile Link: https://www.upwork.com/freelancers/~0157ab60e73c976a27

[melvin-bot]

📣 @elmedinhajdari! 📣
Hey, it seems we don’t have your contributor details yet! You'll only have to do this once, and this is how we'll hire you on Upwork.
Please follow these steps:

1. Make sure you've read and understood the contributing guidelines.
2. Get the email address used to login to your Expensify account. If you don't already have an Expensify account, create one here. If you have multiple accounts (e.g. one for testing), please use your main account email.
3. Get the link to your Upwork profile. It's necessary because we only pay via Upwork. You can access it by logging in, and then clicking on your name. It'll look like this. If you don't already have an account, sign up for one here.
4. Copy the format below and paste it in a comment on this issue. Replace the placeholder text with your actual details.
   
   Format:

Contributor details
Your Expensify account email: <REPLACE EMAIL HERE>
Upwork Profile Link: <REPLACE LINK HERE>

[tychoprice]

Problem
This issue lies primarily with the decoding of the draft message (when a user clicks to edit their message). Since the messages are escaped it would only make sense to decode them.

Root Cause
We are decoding the draft message from the original message

Changes to Solve
We are left with a few options:

1. We can simply return the draft message without any decoding (bypass decoding)
2. Conditionally apply the decoding

I see the code we need to modify is most likely here:

App/src/pages/home/report/ReportActionItemMessageEdit.tsx

Line 90 in 22bd9eb

return Str.htmlDecode(draftMessage);

Contributor details
Your Expensify account email: tychoprice@gmail.com
Upwork Profile Link: https://www.upwork.com/freelancers/~0107182f5ebdb48bb8

[melvin-bot]

✅ Contributor details stored successfully. Thank you for contributing to Expensify!

[tienifr]

Proposal

Please re-state the problem that we are trying to solve in this issue.

The draft message suddenly becomes

What is the root cause of that problem?

In here and here, we can see that the draft in local state is html decoded from draftMessage, this is because it's escaped before saving, as explained here.

However, in here, we're not escaping/encoding the draft properly before saving, although we explained that we want to do it here.

So the <div> should've been saved as <div> (then decoded back), but it was saved as <div> and then will be decoded one more time to <div>, causing the issue.

What changes do you think we should make in order to solve the problem?

In here, escape/encoded the draft properly before saving.

Report.saveReportActionDraft(reportID, action, Str.htmlEncode(newDraft));

(Or use lodashEscape to escape should also be fine)

There could be other places that have the same issue, we can apply the same fix there.

What alternative solutions did you explore? (Optional)

We can ensure that draftMessage is also not html encoded by:

• htmlDecode right when we set it when initiating the edit here
• In ReportActionItemMessageEdit, do not html decode the draftMessage, but use it as the draft as is.
• In places where we compare the draftMessage and the report action html like here, make sure they are of the same encoding before comparing (either encode the draftMessage or decode the action html)
• Make similar adjustment if necessary in other places that are using draftMessage

[tychoprice]

@tienifr

Really appreciate the suggestion. It looks like you're suggesting to encode (escape) the draft message before saving it using Str.htmlEncode.

My question is, if the current issue is that users see decoded HTML entities (like <div> instead of &lt;div&gt;) when editing, simply changing how the draft is saved won't necessarily resolve the issue. If the draft is saved in an encoded form and then decoded upon retrieval for editing, wouldn't users will still encounter the same problem?

[tienifr]

Proposal updated to add an alternative solution

@tychoprice Thanks for your feedback. I don't think there's any issue with that approach.

[askavyblr]

Proposal

Please re-state the problem that we are trying to solve in this issue.

The draft edit message remains as it is, it should not convert to decode string

What is the root cause of that problem?

App/src/pages/home/report/ReportActionItemMessageEdit.tsx

Lines 126 to 131 in 34fa987

	useEffect(() => {
	if (ReportActionsUtils.isDeletedAction(action) || (action.message && draftMessage === action.message[0].html)) {
	return;
	}
	setDraft(Str.htmlDecode(draftMessage));
	}, [draftMessage, action]);

line 130 draftMessage change to htmlDecode String

What changes do you think we should make in order to solve the problem?

App/src/pages/home/report/ReportActionItemMessageEdit.tsx

Lines 126 to 131 in 34fa987

	useEffect(() => {
	if (ReportActionsUtils.isDeletedAction(action) || (action.message && draftMessage === action.message[0].html)) {
	return;
	}
	setDraft(Str.htmlDecode(draftMessage));
	}, [draftMessage, action]);

line 130 it need to change setDraft(Str.htmlDecode(draftMessage)); to setDraft(draftMessage);

What alternative solutions did you explore? (Optional)

Draft.message.mp4

CC: @twisterdotcom

[dukenv0307]

@twisterdotcom Hi, I reported this issue on Slack and I had the info about it. Can I take this one as C+?

[aimane-chnaif]

I already started investigating this issue.
@dukenv0307 you should have volunteered earlier before making External which auto-assigns C+.

[twisterdotcom]

Ah @dukenv0307 yeah sorry, I didn't see this in Slack so I just left it with @aimane-chnaif sorry. Let's leave it for now, if @aimane-chnaif needs to hand it off for any reason, I'll make sure it goes to you.

Lots of proposals to go at here anyway @aimane-chnaif!

[dukenv0307]

@twisterdotcom No problem, I'm a new C+ so I'm not sure about this case. I'll try to volunteer before the issue is external

[aimane-chnaif]

@dukenv0307 please be C+ here since I will be OOO soon

[dukenv0307]

@twisterdotcom Happy to take this one as C+

[melvin-bot]

📣 @dukenv0307 🎉 An offer has been automatically sent to your Upwork account for the Contributor role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job
Please accept the offer and leave a comment on the Github issue letting us know when we can expect a PR to be ready for review 🧑‍💻
Keep in mind: Code of Conduct | Contributing 📖

[twisterdotcom]

EUGH this always happens.

[dukenv0307]

Let's go with @tienifr's alternative solution. Currently, we're saving the draft value of main composer as its original form so we should do the same with edit composer

🎀👀🎀 C+ reviewed

[melvin-bot]

Triggered auto assignment to @NikkiWines, see https://stackoverflow.com/c/expensify/questions/7972 for more details.

[NikkiWines]

Nice, yep the alternative solution looks good here 👍

[melvin-bot]

📣 @tienifr 🎉 An offer has been automatically sent to your Upwork account for the Contributor role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job
Please accept the offer and leave a comment on the Github issue letting us know when we can expect a PR to be ready for review 🧑‍💻
Keep in mind: Code of Conduct | Contributing 📖

[tienifr]

I am working on the PR

[twisterdotcom]

Last update was Friday Melvin.

[melvin-bot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.4.57-5 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• fix: draft message edit issue #38906

If no regressions arise, payment will be issued on 2024-04-05. 🎊

For reference, here are some details about the assignees on this issue:

• @tienifr requires payment automatic offer (Contributor)
• @dukenv0307 requires payment automatic offer (Contributor)
• @dukenv0307 requires payment automatic offer (Contributor)

[melvin-bot]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@dukenv0307] The PR that introduced the bug has been identified. Link to the PR:
• [@dukenv0307] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [@dukenv0307] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
• [@dukenv0307] Determine if we should create a regression test for this bug.
• [@dukenv0307] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [@twisterdotcom] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

[dukenv0307]

BugZero Checklist:

• The PR that introduced the bug has been identified. Link to the PR: N/A
• The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment: N/A
• A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion: N/A
• Determine if we should create a regression test for this bug. Yes
• If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.

Regression test:

1. Send a message <div> or any markdown text (*bolded text*, ...)
2. Hover or long press on this message
3. Choose edit message
4. Verify that the draft edit message remains as is

Do we 👍 or 👎

[twisterdotcom]

Eugh, all of the offer links are just https://www.upwork.com/nx/wm/offer/0

[twisterdotcom]

Ahh, we have sent offers in the issue though okay: https://www.upwork.com/ab/applicants/1769863831107096576/hired

[twisterdotcom]

Payment Summary:

• @tienifr paid $500 here (Contributor)
• @dukenv0307 paid $500 here (C +)