Skip to content

fix: prevent HTML entity encoding in interpolated values#3263

Merged
jeanfbrito merged 1 commit intomasterfrom
fix/expiration-date-html-entities
Mar 19, 2026
Merged

fix: prevent HTML entity encoding in interpolated values#3263
jeanfbrito merged 1 commit intomasterfrom
fix/expiration-date-html-entities

Conversation

@scuciatto
Copy link
Copy Markdown
Member

@scuciatto scuciatto commented Mar 13, 2026
edited by coderabbitai bot
Loading

Summary

  • Fixed expiration date in Server Info displaying HTML entities (e.g., 4/16/2026) instead of properly formatted dates (e.g., 4/16/2026)
  • Added escapeValue: false to the i18next interpolation config in src/i18n/common.ts

Root Cause

i18next's default escapeValue is true, which HTML-encodes interpolated values to prevent XSS. The / character in locale-formatted dates was being escaped to /. Since this is a React app (which already handles XSS protection via JSX), escaping is unnecessary and is the https://react.i18next.com/latest/i18next-instance.

Steps to Reproduce

  1. Open the Rocket.Chat Desktop App
  2. Right-click on a server in the left sidebar
  3. Click Server Info
  4. Check the Expiration field

CORE-1935

Summary by CodeRabbit

  • Bug Fixes
    • Improved translation interpolation so special characters and formatted content render correctly (disables automatic escaping), preventing double-escaped or HTML-encoded text in UI.

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai bot commented Mar 13, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 673d1602-f71c-4070-b3f2-f3ff5a89fd04

📥 Commits

Reviewing files that changed from the base of the PR and between 7650bbf and 12e5c0b.

📒 Files selected for processing (1)
  • src/i18n/common.ts
🚧 Files skipped from review as they are similar to previous changes (1)
  • src/i18n/common.ts
📜 Recent review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: check (macos-latest)
  • GitHub Check: check (ubuntu-latest)
  • GitHub Check: check (windows-latest)

Walkthrough

Added escapeValue: false to the i18next interpolation configuration exported from src/i18n/common.ts, disabling HTML escaping for interpolated values so UI text renders raw characters instead of HTML entities.

Changes

Cohort / File(s) Summary
i18next Interpolation Configuration
src/i18n/common.ts		 Added escapeValue: false to the exported interpolation InitOptions to disable HTML escaping for interpolated values (one-line addition).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'fix: prevent HTML entity encoding in interpolated values' accurately summarizes the main change: adding escapeValue: false to i18next interpolation config to fix HTML entity encoding in dates.
Linked Issues check ✅ Passed The code change directly addresses CORE-1935 by adding escapeValue: false to i18next interpolation, which prevents HTML encoding of interpolated date values as required.
Out of Scope Changes check ✅ Passed The single-line change to add escapeValue: false is directly scoped to fixing the HTML entity encoding issue described in CORE-1935; no unrelated modifications are present.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

📝 Coding Plan
  • Generate coding plan for human review comments

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Tip

CodeRabbit can scan for known vulnerabilities in your dependencies using OSV Scanner.

OSV Scanner will automatically detect and report security vulnerabilities in your project's dependencies. No additional configuration is required.

@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Mar 13, 2026
edited
Loading

CLA assistant check
All committers have signed the CLA.

@scuciatto scuciatto changed the title Fix: disable escaping in the interpolation config fix: prevent HTML entity encoding in interpolated values Mar 13, 2026
@scuciatto scuciatto marked this pull request as ready for review March 13, 2026 11:37
@scuciatto scuciatto requested a review from jeanfbrito March 13, 2026 12:09
@scuciatto scuciatto force-pushed the fix/expiration-date-html-entities branch from 7650bbf to 12e5c0b Compare March 16, 2026 18:47
@jeanfbrito jeanfbrito merged commit 2e0c3ea into master Mar 19, 2026
10 checks passed
@jeanfbrito jeanfbrito deleted the fix/expiration-date-html-entities branch March 19, 2026 16:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeanfbrito jeanfbrito jeanfbrito approved these changes

Assignees

No one assigned

Labels

type: bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@scuciatto @CLAassistant @jeanfbrito