Prevent escapes in no-markdown fields

Author: TheKodeToad

backend/src/common/schema/message.ts

@@ -6,11 +6,11 @@ import { MessageFlags } from "oceanic.js";
 import { TomlDate } from "smol-toml";
 import { z } from "zod/v4";
 
-export const MessageLiteral = message(z.string());
+export const MessageLiteral = message(() => z.string());
 export type MessageLiteral = z.infer<typeof MessageLiteral>;
 
 export function messageTemplate<S extends TemplateSchema>(schema: S) {
-	const result = message(template(schema))
+	const result = message(markdown => template(schema, markdown))
 		.transform(({ content, embeds, ...message }) => (params: ParameterRecord<S>) => ({
 			content: content?.(params),
 			embeds: embeds?.map(
@@ -50,9 +50,9 @@ export function messageTemplate<S extends TemplateSchema>(schema: S) {
 	return result;
 }
 
-function message<Z extends z.ZodTypeAny>(stringType: Z) {
+function message<Z extends z.ZodTypeAny>(stringType: (markdown: boolean) => Z) {
 	return z.strictObject({
-		content: stringType,
+		content: stringType(true),
 		allowed_mentions: z.strictObject({
 			everyone: z.boolean(),
 			replied_user: z.boolean(),
@@ -70,24 +70,24 @@ function message<Z extends z.ZodTypeAny>(stringType: Z) {
 	}));
 }
 
-function embed<Z extends z.ZodType>(stringType: Z) {
+function embed<Z extends z.ZodType>(stringType: (markdown: boolean) => Z) {
 	return z.strictObject({
-		title: stringType,
-		description: stringType,
-		url: stringType,
+		title: stringType(true),
+		description: stringType(true),
+		url: stringType(false),
 		timestamp: z.instanceof(TomlDate).transform(date => date.toISOString()), // TODO is this filter consistent with Discord's
 		color: Color,
-		footer: z.strictObject({ text: stringType, icon: stringType }),
-		image: stringType.transform(url => ({ url })),
-		thumbnail: stringType.transform(url => ({ url })),
+		footer: z.strictObject({ text: stringType(false), icon: stringType(false) }),
+		image: stringType(false).transform(url => ({ url })),
+		thumbnail: stringType(false).transform(url => ({ url })),
 		author: z.strictObject({
-			name: stringType,
-			url: stringType.optional(),
-			icon_url: stringType.optional(),
+			name: stringType(false),
+			url: stringType(false).optional(),
+			icon_url: stringType(false).optional(),
 		}).transform(({ icon_url, ...input }) => ({ iconURL: icon_url, ...input })),
 		fields: z.strictObject({
-			name: stringType,
-			value: stringType,
+			name: stringType(true),
+			value: stringType(true),
 			inline: z.boolean().optional(),
 		}).array(),
 	}).partial();

backend/src/common/schema/template.ts

@@ -2,9 +2,9 @@
 import { parseTemplate, type TemplateSchema } from "#common/template/index.ts";
 import { z } from "zod/v4";
 
-export function template<S extends TemplateSchema>(schema: S) {
+export function template<S extends TemplateSchema>(schema: S, allowEscape = true) {
 	return z.string().transform((input, context) => {
-		const result = parseTemplate(input, schema);
+		const result = parseTemplate(input, schema, allowEscape);
 
 		if (typeof result === "string") {
 			context.addIssue({ message: result });

backend/src/common/template/formatting.ts

@@ -5,7 +5,7 @@ import { TokenType, type Token } from "#common/template/parsing.ts";
 import { dateToUnixSeconds, humanizeDuration } from "#common/time.ts";
 import { INTERNAL_TYPE_INTEGRITY } from "#environment.ts";
 
-export function formatTokens(params: ParameterRecord, tokens: Token[]): string {
+export function formatTokens(params: ParameterRecord, tokens: Token[], allowEscape = true): string {
 	let result = "";
 
 	for (const token of tokens) {
@@ -14,7 +14,9 @@ export function formatTokens(params: ParameterRecord, tokens: Token[]): string {
 			continue;
 		}
 
-		const escaped = !(token.wrapper === FormattingWrapper.InlineCodeblock || token.wrapper === FormattingWrapper.MultilineCodeblock);
+		const escaped = allowEscape
+			&& token.wrapper !== FormattingWrapper.InlineCodeblock
+			&& token.wrapper !== FormattingWrapper.MultilineCodeblock;
 
 		let output: string;
 

backend/src/common/template/index.ts

@@ -16,7 +16,7 @@ import { parseTemplateTokens, TokenType } from "#common/template/parsing.ts";
  * @returns A function to call to format data with the template,
  * or an error denoting something that went wrong with parsing.
  */
-export function parseTemplate<S extends TemplateSchema>(template: string, schema: S): ((params: ParameterRecord<S>) => string) | string {
+export function parseTemplate<S extends TemplateSchema>(template: string, schema: S, allowEscape = true): ((params: ParameterRecord<S>) => string) | string {
 	// just a typed wrapper
 	const tokens = parseTemplateTokens(template, schema);
 
@@ -31,7 +31,7 @@ export function parseTemplate<S extends TemplateSchema>(template: string, schema
 		return () => value;
 	}
 
-	return params => formatTokens(params, tokens);
+	return params => formatTokens(params, tokens, allowEscape);
 }
 
 export type TemplateSchema = Record<string, ParameterType>;