Merged
5 changes: 0 additions & 5 deletions .github/actions/build-docker/action.yml
Expand Up @@ -85,11 +85,6 @@ runs:
- run: yarn build
if: inputs.setup == 'true'
shell: bash
- if: ${{ inputs.platform == 'alpine' }}
uses: actions/cache@v4
with:
path: /tmp/build/matrix-sdk-crypto.linux-x64-musl.node
key: matrix-rust-sdk-crypto-nodejs-v0.2.0-beta.1

- name: Build Docker images
shell: bash
52 changes: 1 addition & 51 deletions .github/workflows/ci.yml
Expand Up @@ -247,54 +247,9 @@ jobs:
deno-version: ${{ needs.release-versions.outputs.deno-version }}
coverage: false

# TODO: this should go away once upstream builds are fixed
build-matrix-rust-bindings-for-alpine:
name: Builds matrix rust bindings against alpine
runs-on: ubuntu-24.04
steps:
- name: check cache for matrix-rust-sdk-crypto-nodejs
id: matrix-rust-sdk-crypto-nodejs
uses: actions/cache@v4
with:
path: /tmp/build/matrix-sdk-crypto.linux-x64-musl.node
key: matrix-rust-sdk-crypto-nodejs-v0.2.0-beta.1

- uses: actions/checkout@v4
with:
repository: matrix-org/matrix-rust-sdk-crypto-nodejs
ref: v0.2.0-beta.1 # https://github.com/element-hq/matrix-bot-sdk/blob/e72a4c498e00c6c339a791630c45d00a351f56a8/package.json#L58

- if: steps.matrix-rust-sdk-crypto-nodejs.outputs.cache-hit != 'true'
run: sudo apt-get install -y musl-tools libunwind-dev && find /usr/include -name stdarg.h 2>/dev/null || true

- if: steps.matrix-rust-sdk-crypto-nodejs.outputs.cache-hit != 'true'
uses: actions/[email protected]
with:
node-version: 22.16.0

- if: steps.matrix-rust-sdk-crypto-nodejs.outputs.cache-hit != 'true'
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: '1.76'
target: x86_64-unknown-linux-musl

- if: steps.matrix-rust-sdk-crypto-nodejs.outputs.cache-hit != 'true'
name: Install ziglang
uses: mlugg/setup-zig@v1
with:
version: 0.13.0

- if: steps.matrix-rust-sdk-crypto-nodejs.outputs.cache-hit != 'true'
name: Build
run: |
npm install --ignore-scripts
npx napi build --release --target x86_64-unknown-linux-musl --platform --zig
mkdir -p /tmp/build
mv matrix-sdk-crypto.linux-x64-musl.node /tmp/build/matrix-sdk-crypto.linux-x64-musl.node

build-gh-docker-coverage:
name: 🚢 Build Docker Images for Testing
needs: [build, release-versions, build-matrix-rust-bindings-for-alpine]
needs: [build, release-versions]
runs-on: ubuntu-24.04

env:
Expand Down Expand Up @@ -323,11 +278,6 @@ jobs:
build-containers: ${{ matrix.platform == needs.release-versions.outputs.official-platform && 'authorization-service account-service ddp-streamer-service presence-service stream-hub-service queue-worker-service omnichannel-transcript-service' || '' }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

- name: Make sure matrix bindings load
if: (github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'release' || github.ref == 'refs/heads/develop') && matrix.platform == 'alpine' && github.actor != 'dependabot[bot]'
run: |
docker run --rm -w /app/bundle/programs/server/npm/node_modules/matrix-appservice-bridge ghcr.io/rocketchat/rocket.chat:$RC_DOCKER_TAG -e 'require(".")'

- name: Rename official Docker tag to GitHub Container Registry
if: matrix.platform == needs.release-versions.outputs.official-platform && (github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'release' || github.ref == 'refs/heads/develop') && github.actor != 'dependabot[bot]'
run: |
6 changes: 0 additions & 6 deletions apps/meteor/.docker/Dockerfile.alpine
Expand Up @@ -41,8 +41,6 @@ RUN cd /app/bundle/programs/server \
&& npm install [email protected] --no-save \
&& mv node_modules/sharp npm/node_modules/sharp \
# End hack for sharp
&& cd /app/bundle/programs/server/npm/node_modules/@vector-im/matrix-bot-sdk \
&& npm install \
# # Start hack for isolated-vm...
# && rm -rf npm/node_modules/isolated-vm \
# && npm install [email protected] \
Expand All @@ -58,10 +56,6 @@ RUN apk del deps

USER rocketchat

# TODO: remove hack once upstream builds are fixed
COPY --chown=rocketchat:rocketchat matrix-sdk-crypto.linux-x64-musl.node /app/bundle/programs/server/npm/node_modules/@matrix-org/matrix-sdk-crypto-nodejs
COPY --chown=rocketchat:rocketchat matrix-sdk-crypto.linux-x64-musl.node /app/bundle/programs/server/npm/node_modules/@vector-im/matrix-bot-sdk/node_modules/@matrix-org/matrix-sdk-crypto-nodejs

VOLUME /app/uploads

WORKDIR /app/bundle
3 changes: 0 additions & 3 deletions apps/meteor/package.json
Expand Up @@ -315,7 +315,6 @@
"@slack/rtm-api": "^7.0.3",
"@tanstack/react-query": "~5.65.1",
"@types/meteor": "^2.9.9",
"@vector-im/matrix-bot-sdk": "0.7.1-element.11",
"@xmldom/xmldom": "^0.8.10",
"adm-zip": "0.5.16",
"ajv": "^8.17.1",
Expand Down Expand Up @@ -396,8 +395,6 @@
"lodash.get": "^4.4.2",
"mailparser": "^3.7.3",
"marked": "^4.3.0",
"matrix-appservice": "^2.0.0",
"matrix-appservice-bridge": "^10.3.3",
"mem": "^8.1.1",
"meteor-node-stubs": "^1.2.19",
"mime-db": "^1.52.0",
3 changes: 1 addition & 2 deletions ee/packages/federation-matrix/package.json
Expand Up @@ -10,7 +10,7 @@
"@rocket.chat/eslint-config": "workspace:^",
"@types/emojione": "^2.2.9",
"@types/node": "~22.14.0",
"@types/sanitize-html": "^2",
"@types/sanitize-html": "^2.13.0",
"babel-jest": "~30.0.0",
"eslint": "~8.45.0",
"jest": "~30.0.0",
Expand Down Expand Up @@ -44,7 +44,6 @@
"@rocket.chat/models": "workspace:^",
"@rocket.chat/network-broker": "workspace:^",
"@rocket.chat/rest-typings": "workspace:^",
"@vector-im/matrix-bot-sdk": "^0.7.1-element.6",
"emojione": "^4.5.0",
"marked": "^16.1.2",
"mongodb": "6.10.0",
18 changes: 18 additions & 0 deletions ee/packages/federation-matrix/src/helpers/message.parsers.spec.ts
Expand Up @@ -1016,6 +1016,24 @@ describe('Federation - Infrastructure - Matrix - RocketTextParser', () => {
😀
😀`);
});

it('should properly sanitize malicious HTML that could bypass regex-based stripping', async () => {
const rawMessage = '> <@originalEventSender:localDomain.com> Quoted message\n\n test message';
const formattedMessage = `${quotedMessage}<p>test message</p><scr<script>ipt>alert('xss')</script><img src=x onerror=alert(1)>`;

const result = await toInternalQuoteMessageFormat({
homeServerDomain,
rawMessage,
formattedMessage,
messageToReplyToUrl: 'http://localhost:3000/group/1?msg=2354543564',
senderExternalId: '@user:externalDomain.com',
});

expect(result).not.toContain('<script>');
expect(result).not.toContain('onerror');
expect(result).not.toContain('<img');
expect(result).toBe('[ ](http://localhost:3000/group/1?msg=2354543564) test message');
});
});
});
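Review bot: The three `not.toContain` checks in the new test are case-sensitive substring matches and are already implied by the final `toBe`, so on their own they would not catch a sanitizer regression that leaves `<SCRIPT>` or `ONERROR` in the output; the exact-match assertion is what actually pins the behaviour. Either drop them or make them case-insensitive, e.g. `expect(result).not.toMatch(/<script|onerror|<img/i);`. The test also exercises only the quote path (`toInternalQuoteMessageFormat`); if other parsers in this module accept a remote `formattedMessage`, they presumably need the same regression test, which cannot be confirmed from this hunk. `quotedMessage` and `homeServerDomain` are defined outside the hunk, as is the start of the enclosing `describe`.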
