We're Hiring!

Mattermost, Inc.

Escaping text payloads for incoming webhooks

For an incoming webhook, how am I supposed to prevent Mattermost from attempting to match text like “joho” with an existing username? ATM, I’m using backticks, but that implies formatting, which I don’t want. I’d simply like to do something like:

Firstname Lastname (username)

and not have Mattermost match any of it with potential users, channels, teams, whatever :smile:

Are you making your post requests to the webhook in JSON format, or in multipart form formatted data? I do believe that there is a difference and that you may be able to solve this issue through the method that you use to post the requests to the server itself.

JSON. So you’re saying MM interprets the content of the incoming Webhook differently based on the format it receives data in? (I realize I can use attachments, etc and have “more fine grained control”, but I’m surprised it highlights matches on plain text, even when it has nothing to do with the username …)

Hi! So I did try to reproduce your error with the application/json payload, and I’m not getting the same results that your describing. Would you be willing to provide the body of the webhook POST command that you use, so that I can use it to attempt to reproduce and diagnose the potential issues? Thanks!

I simply need to put my username into the payload and it’s highlighted when displayed by Mattermost unless it’s set to be pre-formatted. You should be able to do that too.

If you’re running cURL on Windows, ensure inner double quotes are escaped with a backslash. Here’s an example payload on Windows:

curl -i -X POST -H "Content-Type: application/json" -d "{\"text\": \"Hello, this is some text\nThis is more text. :tada:\"}" http://{your-mattermost-site}/hooks/xxx-generatedkey-xxx

So maybe quoting the username, and then escaping the quotes with a second set of quotes would work?

Thanks.

This is in an application. Quoting the username with single or double quotes won’t make a difference as far as I’ve been able to see. It also highlights the username like server.username.domain.com, which also makes no sense :slight_smile:

But, it is what it is.

Hmm. I think this might be an issue to escalate to the developers, potentially, @ahmaddanial?
Or is there something further that we are missing?

Hello, @joho68

Allow me to get more context on the question here. I tried to reproduce this on my end as well but my username was not highlighted when the payload was sent via cURL. Unless me and @XxLilBoPeepsxX were testing it incorrectly, would you mind sharing more details of the application you have on your end?

Some screen shots will help us to visualize the problem better too. Thanks.

1 Like

It’s actually not a big deal, since I can “quote” data that I do not want to receive this “treatment”, but I still find it curious :slight_smile:

The application in question is this WordPress plugin, which was released today:

Here’s a dump. As you can see, my username is joho in that Mattermost instance. When a string like “wplab.joho.se” is included in the payload, the text “joho” is highlighted, which I feel is incorrect. After running into this, I started quoting the usernames and the site’s name, which prevents this from happening, but since quoting text implies formatting, it’s not really a good solution :slight_smile:

Mattermost_Mention