From cfcfd3ebbb6380e9473557ad36b7a77c422cf3f0 Mon Sep 17 00:00:00 2001
From: hmhealey <harrisonmhealey@gmail.com>
Date: Wed, 4 Nov 2015 10:03:37 -0500
Subject: Properly escaped mention keywords and search terms when formatting
 them

---
 web/react/utils/text_formatting.jsx | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'web/react')

diff --git a/web/react/utils/text_formatting.jsx b/web/react/utils/text_formatting.jsx
index 4d4849281..ac26107cc 100644
--- a/web/react/utils/text_formatting.jsx
+++ b/web/react/utils/text_formatting.jsx
@@ -171,6 +171,10 @@ function autolinkAtMentions(text, tokens) {
     return output;
 }
 
+function escapeRegex(text) {
+    return text.replace(/[-\/\\^$*+?.()|[\]{}]/g, '\\$&');
+}
+
 function highlightCurrentMentions(text, tokens) {
     let output = text;
 
@@ -210,7 +214,7 @@ function highlightCurrentMentions(text, tokens) {
     }
 
     for (const mention of UserStore.getCurrentMentionKeys()) {
-        output = output.replace(new RegExp(`(^|\\W)(${mention})\\b`, 'gi'), replaceCurrentMentionWithToken);
+        output = output.replace(new RegExp(`(^|\\W)(${escapeRegex(mention)})\\b`, 'gi'), replaceCurrentMentionWithToken);
     }
 
     return output;
@@ -290,7 +294,7 @@ function highlightSearchTerm(text, tokens, searchTerm) {
         return prefix + alias;
     }
 
-    return output.replace(new RegExp(`()(${searchTerm})`, 'gi'), replaceSearchTermWithToken);
+    return output.replace(new RegExp(`()(${escapeRegex(searchTerm)})`, 'gi'), replaceSearchTermWithToken);
 }
 
 function replaceTokens(text, tokens) {
-- 
cgit v1.2.3-1-g7c22