| 1 May 2025 |
 @joepie91:pixie.town | no it wasn't | 15:40:47 |
| @joepie91:pixie.town | there are no circumstances under which this check is a reasonable implementation | 15:40:56 |
| @joepie91:pixie.town | I literally provided the improved version above | 15:41:05 |
 @emma:rory.gay | besides, friendly reminder that you dont need a word boundary | 15:41:18 |
| @emma:rory.gay | joepie91 🏳️🌈Yorusaka Miyabi [DO NOT DM]WeetHet | 15:41:45 |
| @joepie91:pixie.town | I feel like you keep missing my point here | 15:41:49 |
| @emma:rory.gay | maybe i am, but i dont see a point besides "you should add word boundary checks" | 15:42:34 |
| @joepie91:pixie.town | if you are assuming that a mention contains an @, which that code does, then it should have done an additional check for the @ actually being attached to something instead of just counting @s | 15:42:53 |
| @joepie91:pixie.town | and this is like, table stakes string matching stuff, this is not something obscure or complicated, this is pretty much the answer you end up at after a few minutes of thinking about it | 15:43:20 |
| @joepie91:pixie.town | it's the lowest of low-hanging fruit for preventing false positives, and it clearly wasn't done | 15:43:34 |
| @emma:rory.gay | i mean, i would assume that it is? i dont see what wrong with the current code | 15:43:44 |
| @emma:rory.gay | anything more than this would completely miss the actual behavior of legacy mentions on matrix, which is just a string.contains() | 15:44:15 |
| * @joepie91:pixie.town sighs | 15:44:25 |
| @joepie91:pixie.town | string.contains does not involve @s at any point and so is in no way relevant to the point I am making here | 15:44:50 |
| @joepie91:pixie.town | I am running out of ways to say this | 15:45:10 |
| @emma:rory.gay | unless you meant to say that this would be right solution | 15:45:14 |
| @joepie91:pixie.town | there is the @ case and the non-@ case | 15:45:17 |
| @joepie91:pixie.town | I am talking about the @ case, not about the non-@ case | 15:45:23 |
| @joepie91:pixie.town | string.contains is the non-@ case | 15:45:48 |
| @joepie91:pixie.town | there is presumably an @ case because otherwise this @-counting code would not exist | 15:46:03 |
| @emma:rory.gay | the @ case isnt really a real case either | 15:46:18 |
| @joepie91:pixie.town | and the @ case is implemented wrong in a very trivial-to-improve way that has nevertheless not been done | 15:46:23 |
| @joepie91:pixie.town | so then why is there @-counting code at all? | 15:46:33 |
| @emma:rory.gay | the only part where the @ case is relevant, is if they print the MXID (which was the first iteration of ping spam), which pings user because mxid.contains(user.localpart) == true | 15:46:59 |
| @joepie91:pixie.town | and so there would be something attached to the @ and so you should be checking for that, not just counting isolated @s | 15:47:42 |
| @emma:rory.gay | ideally, you'd check for just localparts and displaynames, yes | 15:48:01 |
| @joepie91:pixie.town | no, that is not what I said | 15:48:09 |
| @emma:rory.gay | oh, did you mean matching @.*:.*? | 15:48:35 |
| @emma:rory.gay | aka "is it a valid mxid" | 15:48:42 |
| @emma:rory.gay | * oh, did you mean matching /@.*:.*/? | 15:49:03 |
