intercom-java icon indicating copy to clipboard operation
intercom-java copied to clipboard

Published 20 hours ago verified publisher icon intercom

company name has unwanted characters if the name has apostrophe or & in it

Open naveentammineni opened this issue 6 years ago • 4 comments

Version info

  • intercom-java version: 2.2.7
  • Java version: 1.8.0_121

Expected behavior

We have a user with company names that has special characters in their names e.g. apostrophe or ampersands. Updating such companies causes their name to include tons of &amp then fail with message name too long

Actual behavior

Steps to reproduce

  1. Create a company with apostrophe or & in it and Update the company or create the company and set it to user and update it.
User intercomUser = User.find(params);
Company company = new Company();
company.setCompanyID(21443);
company.setName("Dave's Business");
intercomUser.addCompany(company);
User.update(intercomUser);```

## Logs
```io.intercom.api.ServerException: Server Error
at io.intercom.api.HttpClient.throwException(HttpClient.java:214)
at io.intercom.api.HttpClient.handleError(HttpClient.java:169)
at io.intercom.api.HttpClient.runRequest(HttpClient.java:155)
at io.intercom.api.HttpClient.executeHttpMethod(HttpClient.java:110)
at io.intercom.api.HttpClient.post(HttpClient.java:100)
at io.intercom.api.DataResource.update(DataResource.java:35)
at io.intercom.api.User.update(User.java:55)```

naveentammineni avatar Dec 17 '18 23:12 naveentammineni

Also affected by this bug when company name contains apostrophe character, which pretty common.

Version Info

intercom-java: 2.8.0

martin-walsh avatar Mar 09 '19 08:03 martin-walsh

Some more info on this bug.

Only responses contain the bad & and ' escapes.

Requests to User API for user & Company API for company do not result in the issue.

What does result in the issue, is attaching Companies to users as the char escape kicks in once a Company.find() call is made etc

martin-walsh avatar Mar 26 '19 08:03 martin-walsh

Issue appears to not be part of the Java SDK as responses using curl also contain escaped chars, but the UI does not

martin-walsh avatar Mar 26 '19 09:03 martin-walsh

Heard back from intercom support.

Apparently, this is expected behaviour. See excerpt from https://developers.intercom.com/intercom-api-reference/v1.1/reference#encoding

HTML Encoding

It should be noted that the following identifiers are encoded to protect from potential cross-site scripting attacks: 'name', 'user_id', 'company_id' and 'email'. As a result you may see these identifiers in their encoded format when you retrieve them via the API.
Note that the characters we encode are double quote, single quote, ampersand, less than and greater than symbols i.e " ' & < >

In all responses back from Intercom: name, email, user_id and company_id are HTML encoded. So if you retrieve a Company and add it to a User, you must sanitise the name & email of each before updating

martin-walsh avatar Mar 27 '19 02:03 martin-walsh