[HOLD for payment 2023-06-08] [$1000] Italic [Attachment] message is considered as attachment and app crashes on click of download for that message

[kavimuru]

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

---

Action Performed:

1. Open the app and login with user A
2. Open the app on another device and login with user B
3. From user A, send following message: _[Attachment]_
4. From user B, long press the message and observe that 'Download' is available in option in place of 'copy to clipboard'
5. Press on download

Expected Result:

App should not consider normal message as attachment

Actual Result:

App considers normal message as attachment

Workaround:

unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android / native
• Android / Chrome
• iOS / native
• iOS / Safari
• MacOS / Chrome / Safari
• MacOS / Desktop

Version Number: v1.2.98-2
Reproducible in staging?: y
Reproducible in production?: y
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Notes/Photos/Videos: Any additional supporting documentation

attachment.in.italic.is.considered.as.attachment.mp4

Recording.205.mp4

Expensify/Expensify Issue URL:
Issue reported by: @dhanashree-sawant
Slack conversation: https://expensify.slack.com/archives/C049HHMV9SM/p1681205583378899

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~013ef972b4b00c3551
• Upwork Job ID: 1646266195415273472
• Last Price Increase: 2023-05-08

[MelvinBot]

Triggered auto assignment to @lschurr (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[MelvinBot]

Bug0 Triage Checklist (Main S/O)

• This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
• This bug is not a duplicate report (check E/App issues and #expensify-bugs)
  • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
• This bug is reproducible using the reproduction steps in the OP. S/O
  • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
  • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
• This issue is filled out as thoroughly and clearly as possible
  • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
• I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

[lschurr]

I'm not able to reproduce this. I only have the "copy to clipboard" or "mark as unread" option when long holding on the message.

Will add Eng for more eyes.

[MelvinBot]

Triggered auto assignment to @dangrous (Engineering), see https://stackoverflow.com/c/expensify/questions/4319 for more details.

[dangrous]

Oop yep @lschurr did you make the [Attachment] italic (i.e. _[Attachment]_)? That made it work for me. It's in the title but it's not in the reproduction instructions

EDIT: And by "made it work" I mean the bug did indeed show up.

[lschurr]

Ah, I'll change the repro steps. Do you think this should be external or internal @dangrous?

[dangrous]

I think External should be fine!

[MelvinBot]

Unable to auto-create job on Upwork. The BZ team member should create it manually for this issue. cc @thienlnam

[MelvinBot]

Current assignee @lschurr is eligible for the External assigner, not assigning anyone new.

[MelvinBot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @rushatgabhane (External)

[Prince-Mendiratta]

Proposal

Please re-state the problem that we are trying to solve in this issue.

In this issue, we can notice that if the user sends a message [Attachment] that is formatted using italics or bold, it is interpreted as an image and thus, the download context menu is shown.

What is the root cause of that problem?

To check if the Download context menu item should be shown, we check if the report action has the isAttachment property. If it does and the value is true, we show the download context menu item.

App/src/pages/home/report/ContextMenu/ContextMenuActions.js

Lines 92 to 95 in eabb983

	const isAttachment = _.has(reportAction, 'isAttachment')
	? reportAction.isAttachment
	: ReportUtils.isReportMessageAttachment(message);
	return isAttachment && reportAction.reportActionID;

.

Now, there are 2 phases to this issue:

1. When we send _[Attachment]_, the backend itself interprets it as an attachment and sends the value of isAttachment as true. This does not allow the ReportUtils.isReportMessageAttachment to come into play.
2. Secondly, even if there is no isAttachment or the value is set to false, the isReportMessageAttachment method verifies if it is an attachment if both of these two conditions are true:
   1. The text is [Attachment].
   2. The html is not [Attachment]. This causes the issues since if the message is formatted, then the html will be <em>[Attachment]</em>.

https://github.com/Expensify/App/blob/0763be562293a1b9e3782eaeee0843a7f805e38d/src/libs/isReportMessageAttachment.jsL10-L12

What changes do you think we should make in order to solve the problem?

To fix this issue, we will need to improve our conditional verification. In addition to the above mentioned 2 conditions, we should also check if the HTML contains a data-expensify-source. If it is an attachment, it must contain this attribute. We will have to add the condition:
_.contains(html, CONST.ATTACHMENT_SOURCE_ATTRIBUTE) to the isReportMessageAttachment method.

Thus, we will have to add this condition and this in conjugation with the backend changes will fix this issue.

What alternative solutions did you explore? (Optional)

With the new updates, we can get rid of the ReportUtils.isReportMessageAttachment method and let the single source of truth be the message property. We will need to accordingly change all the reliance on this method to use the message property.

[MelvinBot]

Current assignee @dangrous is eligible for the External assigner, not assigning anyone new.

[eh2077]

Proposal

Please re-state the problem that we are trying to solve in this issue.

Send a italic [Attachment] message

_[Attachment]_

It's considered as an attachment and can be downloaded, which is incorrect.

What is the root cause of that problem?

The italic [Attachment] message

_[Attachment]_

is saved as

{
	"html": "<em>[Attachment]</em>",
  "text": "[Attachment]"
}

See below page inspection picture

We check if a report action is an attachment here

App/src/pages/home/report/ContextMenu/ContextMenuActions.js

Lines 92 to 94 in 8adee6b

	const isAttachment = _.has(reportAction, 'isAttachment')
	? reportAction.isAttachment
	: ReportUtils.isReportMessageAttachment(message);

If property isAttachment of reportAction is set, then we use it to determine if this action is an attachment. If not, we check it through message using method isReportMessageAttachment.

From the inspection picture above, the property isAttachment of action is set to true and isAttachment is correctly set from frontend method buildOptimisticAddCommentReportAction. So the root cause is that backend sets the wrong value to property isAttachment.

We can also dig why the App crash is not caught by the error boundary page if we click download from native App.

Expected error boundary page	Click download exit App	Uncaught error from debug
	RPReplay_Final1681402826.mp4

From the error stack, we found that the error occurred in the event handler which is asynchronous and can't be caught by error boundary without tricks. The error boundary only catches errors during rendering, see more.

What changes do you think we should make in order to solve the problem?

To fix this issue, a backend fix will be needed to set right value to property isAttachment. Frontend fix is also necessary as there's a flaw in method isReportMessageAttachment

App/src/libs/isReportMessageAttachment.js

Lines 10 to 12 in 8adee6b

	export default function isReportMessageAttachment({text, html}) {
	return text === CONST.ATTACHMENT_MESSAGE_TEXT && html !== CONST.ATTACHMENT_MESSAGE_TEXT;
	}

The second condition html !== CONST.ATTACHMENT_MESSAGE_TEXT is not always correct for new comment like

_[Attachment]_

[[Attachment]](https://www.google.com)

Those comments' html are not equal to CONST.ATTACHMENT_MESSAGE_TEXT but they're considered as attachments though they're not attachments.

Searching usage of method isReportMessageAttachment in the codebase, we can find that, in some cases, we only use message to check if an action is an attachment. For example, the copy to clipboard icon won't be shown in the context menu after the backend fixing the invalid isAttachment issue, see

App/src/pages/home/report/ContextMenu/ContextMenuActions.js

Lines 141 to 143 in 8adee6b

	shouldShow: (type, reportAction) => (type === CONTEXT_MENU_TYPES.REPORT_ACTION
	&& reportAction.actionName !== CONST.REPORT.ACTIONS.TYPE.IOU
	&& !ReportUtils.isReportMessageAttachment(_.last(lodashGet(reportAction, ['message'], [{}])))),

We can have a more robust isReportMessageAttachment method by reusing this similar regex from getAttachmentDetails.js which contains a special attribute name of Expensify source. The new method will be like

export default function isReportMessageAttachment({text, html}) {
    const regex = new RegExp(` ${CONST.ATTACHMENT_SOURCE_ATTRIBUTE}="(.+?)"`, 'i');
    return text === CONST.ATTACHMENT_MESSAGE_TEXT && html.match(regex);
}

We can also check isAttachment and isReportMessageAttachment together to determine if an action is an attachment. We can improve this kind of checking

App/src/pages/home/report/ContextMenu/ContextMenuActions.js

Lines 92 to 94 in 8adee6b

	const isAttachment = _.has(reportAction, 'isAttachment')
	? reportAction.isAttachment
	: ReportUtils.isReportMessageAttachment(message);

to

const isAttachment = lodashGet(reportAction, 'isAttachment', false) && ReportUtils.isReportMessageAttachment(message);

Below are test cases to verify the solution

_[Attachment]_

[[Attachment]](https://www.google.com)

[[Attachment]](https://www.google.com/?data-expensify-source=)

What alternative solutions did you explore? (Optional)

N/A

[MelvinBot]

Job added to Upwork: https://www.upwork.com/jobs/~013ef972b4b00c3551

[lschurr]

Looks like we have a few proposals already. @rushatgabhane could you review?

[dangrous]

we're waiting on one update but then should be good to merge!

[eh2077]

@dangrous I guessed if we decided to define that string as a constant, then I think we should also support localization for it, like translating it into Spanish as well. Do you agree with this?

[rushatgabhane]

Umm no
Because that text is added by backend as a placeholder for image

[eh2077]

Umm no Because that text is added by backend as a placeholder for image

@rushatgabhane Thanks for the information! I'll save this context in the comment.

[eh2077]

@dangrous @rushatgabhane Please help to review PR #19618, thank you!

[dangrous]

merged!

[melvin-bot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.3.21-2 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• fix 17289 regression don't show edit and download button when attachment is uploading #19618

If no regressions arise, payment will be issued on 2023-06-08. 🎊

After the hold period is over and BZ checklist items are completed, please complete any of the applicable payments for this issue, and check them off once done.

• External issue reporter
• Contributor that fixed the issue
• Contributor+ that helped on the issue and/or PR

As a reminder, here are the bonuses/penalties that should be applied for any External issue:

• Merged PR within 3 business days of assignment - 50% bonus
• Merged PR more than 9 business days after assignment - 50% penalty

[melvin-bot]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@rushatgabhane] The PR that introduced the bug has been identified. Link to the PR:
• [@rushatgabhane] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [@rushatgabhane] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
• [@rushatgabhane] Determine if we should create a regression test for this bug.
• [@rushatgabhane] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [@lschurr] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

[lschurr]

@dhanashree-sawant @rushatgabhane @eh2077 - Could you apply for the job in Upwork?
https://www.upwork.com/jobs/~01d01935e7c40d4d46

[eh2077]

@lschurr But I have already applied this job https://www.upwork.com/jobs/~018d53d5272968557e and got hired.

[lschurr]

Oh shoot, you're right @eh2077 - got lost on the comments on this one. I will close https://www.upwork.com/jobs/~01d01935e7c40d4d46

[lschurr]

Looks like we just need @rushatgabhane to apply for this one - https://www.upwork.com/jobs/~018d53d5272968557e

[dhanashree-sawant]

Hi @lschurr, I already have a offer for the job on upwork.

[lschurr]

@rushatgabhane - please apply here: https://www.upwork.com/jobs/~018d53d5272968557e

[lschurr]

Also @rushatgabhane - do we need a regression test?

[Prince-Mendiratta]

Gentle bump on this @dangrous

[rushatgabhane]

@Prince-Mendiratta bump for? Could you please elaborate

[rushatgabhane]

@lschurr no we don't need a regression test.

P.S. applied to the job using dad's account - "Satish Gabhane"

[lschurr]

I sent the offer @rushatgabhane - go ahead and accept and we can pay and close this one out.

[dangrous]

Oh right - @lschurr we were going to pay @Prince-Mendiratta a bit of a bonus for helping out, I think $250 should be okay if that's alright with you?

[lschurr]

Cool! @Prince-Mendiratta can you apply here? https://www.upwork.com/jobs/~018d53d5272968557e

[lschurr]

Cool, all paid except for @rushatgabhane - once you accept the offer, we can pay and close this one.

[lschurr]

These are all paid. Closing.