MS Teams: add user mention support #15436
Merged
steipete merged 4 commits into openclaw:main from Feb 13, 2026
extensions/msteams/src/mentions.ts
Outdated
Comment on lines 109 to 111

```ts
  const namePattern = new RegExp(`@${mention.name}`, "gi");
  formatted = formatted.replace(namePattern, `<at>${mention.name}</at>`);
}
```
Contributor
**Regex injection in mentions**
`formatMentionText` builds a `RegExp` directly from `mention.name` (``new RegExp(`@${mention.name}`, "gi")``). If a display name contains regex metacharacters (e.g. `(`, `+`, `.`, `?`, `[`), this will either throw at runtime (invalid regex) or match/replace unintended parts of the message. Escape `mention.name` before constructing the regex (or avoid regex entirely by using a safer search/replace strategy).
- Add mention parsing and validation logic
- Handle mention entities with proper whitespace
- Validate mention IDs to prevent false positives from code snippets
- Use fake placeholders in tests for privacy
Clarify that User.Read.All permission is only needed for searching users not in the current conversation. Mentions work out of the box for conversation participants.
Escape regex metacharacters in display names before constructing RegExp to prevent runtime errors or unintended matches when names contain special characters like (, ), ., +, ?, [, etc. Add test coverage for names with regex metacharacters.
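The failure modes named in the review comment and the escaping fix described in the commit message above, as an added example that is not code from the pull request. `Mention`, `escapeRegExp`, `formatUnescaped`, `formatEscaped` and `run` are hypothetical names and the display names are constructed; the function-valued replacement goes one step beyond what the commit message describes.

```typescript
// Added example. Only the RegExp/replace pair mirrors the reviewed lines 109-111;
// every other name here is hypothetical.
type Mention = { name: string; id: string };

// Backslash-escape every character that is special in a JavaScript RegExp.
function escapeRegExp(text: string): string {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// As reviewed: the display name becomes part of the regex source.
function formatUnescaped(text: string, mentions: Mention[]): string {
  let formatted = text;
  for (const mention of mentions) {
    const namePattern = new RegExp(`@${mention.name}`, "gi");
    formatted = formatted.replace(namePattern, `<at>${mention.name}</at>`);
  }
  return formatted;
}

// Hardened: the name is matched literally. The replacement is a function so a
// "$&" or "$1" inside a name is not expanded as a replacement pattern either.
function formatEscaped(text: string, mentions: Mention[]): string {
  let formatted = text;
  for (const mention of mentions) {
    const namePattern = new RegExp(`@${escapeRegExp(mention.name)}`, "gi");
    formatted = formatted.replace(namePattern, () => `<at>${mention.name}</at>`);
  }
  return formatted;
}

// Run a formatter on one mention; report a thrown SyntaxError as a string.
function run(format: (t: string, m: Mention[]) => string, text: string, name: string): string {
  try {
    return format(text, [{ name, id: "placeholder-id" }]);
  } catch (err) {
    return err instanceof SyntaxError ? "SyntaxError" : "Error";
  }
}

// Constructed display names and messages.
console.log(run(formatUnescaped, "hi @Sam [ext", "Sam [ext"));       // invalid pattern throws
console.log(run(formatUnescaped, "@JaD and @J.D", "J.D"));           // "." also rewrites @JaD
console.log(run(formatUnescaped, "ping @Dana (Ops)", "Dana (Ops)")); // "(...)" is a group: no match
console.log(run(formatEscaped, "ping @Dana (Ops)", "Dana (Ops)"));   // literal match
```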
efba549 to 460fbde
MS Teams: add user mention support
What
Adds support for @mentions in Microsoft Teams channel, enabling:
- `User.Read.All` permission requirement
Why
Enables OpenClaw to properly handle @mentions in Teams conversations, improving interaction quality and allowing dynamic user search.
Changes
- `extensions/msteams/src/mentions.ts` - Core mention parsing and validation logic
- `extensions/msteams/src/mentions.test.ts` - Comprehensive test suite (17 tests)
- `extensions/msteams/src/messenger.ts` - Integration with message handling
- `docs/channels/msteams.md` - Added `User.Read.All` permission documentation
Testing
AI-Assisted Development
Notes
- `User.Read.All` permission only needed for searching users not in the current conversation
Greptile Overview
Greptile Summary
Adds outbound Microsoft Teams user-mention support by introducing a mention parser (`extensions/msteams/src/mentions.ts`) that converts `@[Name](id)` markup into Teams `<at>Name</at>` tags plus `entities` payloads, and wiring it into message sending (`extensions/msteams/src/messenger.ts`). Includes a new vitest suite covering mention parsing/validation cases and updates MS Teams docs to note the `User.Read.All` permission requirement for mentioning users outside the current conversation.
Confidence Score: 4/5
`messenger.ts` is straightforward (only adds `entities` when present) and the new parsing logic is covered by tests, but `formatMentionText` constructs regexes from unescaped user display names, which can throw or replace unintended text for names containing regex metacharacters.
Last reviewed commit: b781104