[Due for payment 2025-04-14] [$250] Report- The search doesn't work if display name of user has Double quotes

[IuliiaHerets]

If you haven’t already, check out our contributing guidelines for onboarding and email [email protected] to request to join our Slack channel!

---

Version Number: v9.1.0-0
Reproducible in staging?: Yes
If this was caught during regression testing, add the test name, ID and link from TestRail: #56869
Issue reported by: Applause Internal Team
Device used: Macbook/macOS 14.5
App Component: Search

Action Performed:

Precondition: Logged in, A workspace has a member who has Double quotes in his name (e.g: ["" Admin 1802 new])

1. Open app
2. Click on Reports tab
3. Use suuggestion to finish filter with info: status: all, from "" Admin 1802 new, to: BMA Owner 18023

Expected Result:

The value of the from filter should have blue background

Actual Result:

Because "" Admin 1802 new has double quotes so that the system can't recognizes correct syntax. So the value of the from filter doesn't have blue background

Workaround:

Unknown

Platforms:

• Android: Standalone
• Android: HybridApp
• Android: mWeb Chrome
• iOS: Standalone
• iOS: HybridApp
• iOS: mWeb Safari
• MacOS: Chrome / Safari
• MacOS: Desktop

Screenshots/Videos

Bug6747493_1739944982707.Recording__293.mp4

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~021892236526130102736
• Upwork Job ID: 1892236526130102736
• Last Price Increase: 2025-03-05

Issue Owner

Current Issue Owner: @isabelastisser

[melvin-bot]

Triggered auto assignment to @isabelastisser (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details. Please add this bug to a GH project, as outlined in the SO.

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~021892236526130102736

[melvin-bot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @dukenv0307 (External)

[gurus00]

Proposal

Please re-state the problem that we are trying to solve in this issue.

The reports search doesn't work if display name of user has Double quotes

What is the root cause of that problem?

Search query from and to require to include "" outside of the user name

What changes do you think we should make in order to solve the problem?

Enable search with double quotes

What specific scenarios should we cover in automated tests to prevent reintroducing this issue in the future?

N/A

What alternative solutions did you explore? (Optional)

[isabelastisser]

Hey @dukenv0307, please review the proposal when you have a chance. Thanks!

[gurus00]

Please assign it to me. I am confidence to fix this issue soon

[isabelastisser]

@dukenv0307, please review the proposal when you have a chance. Thanks!

[dukenv0307]

@gurus00 Can you share the branch fix and videos? Your solution is too sketchy

[dukenv0307]

bump @gurus00

[gurus00]

@gurus00 Can you share the branch fix and videos? Your solution is too sketchy

Ok, got it

[melvin-bot]

📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸

[mallenexpensify]

This seems like a pretty extreme edge case, I can't think of "" being part of a username that I've ever seen.
Made LOW for quality, if we don't get an accepted proposal in a week or two, let's close it @isabelastisser . thx

[gurus00]

I will take a look more

[codekane]

Proposal

Please re-state the problem that we are trying to solve in this issue.

When attempting to search for a user from: or to: that contains double quotes within their display name, the syntax is not correctly highlighted (missing background). This is actually a rather superficial assessment, as the bug also extends to successfully performing a search on these users.

Example of what's going on:

When I search for reports with the following (note: autocomplete is correctly suggesting these names)
type:expense status:all from:"Jimmy"" Bonus" to:"Jason Statham" 

If I hit enter on the search, what's displayed in the search is as follows:
type:expense status:all from:Jimmy to:Jason Bonus" Statham"

You'll note this is a bit different than the bug case (my quotes are at the end, instead of the beginning), however it highlights what's actually going on.

What is the root cause of that problem?

I've narrowed it down to the parser - src/libs/SearchParser/autocompleteParser.js, which is in turn being generated by src/libs/SearchParser/autocompleteParser.peggy

The way that it's currently handling this is to look for the next double quote, as is made apparent in my expanded description of the problem. Given that the name contains double quotes, this results in it being truncated, and as a result of this, it's causing problems with the rest of the application (syntax highlighting, as well as with the SubstitutionMap

I'll note that I'm looking in src/components/Search/SearchRouter/getQueryWithSubstitutions.ts, as the source of the line calling the parser.

I base these conclusions on line 74/75 of src/components/Search/SearchAutocompleteInput.tsx

    /** Map of autocomplete suggestions. Required for highlighting to work properly */
    substitutionMap: SubstitutionMap;

What changes do you think we should make in order to solve the problem?

I think that the rules in the src/libs/SearchParser/autocompleteParser.peggy file need to be changed to be able to correctly respect nested double quotes.

Honestly? That's easier said than done. One thought was to change how we're identifying the limits of a string. Right now, we're looking for double quotes, however another way to do it could be to look for the next autocompleteKey, a comma, or else the end of the line. It might be a bit tricky to implement, however I do believe it can be done (with additional effort).

There could be a better way to do this -- that's just a thought. I'm not familiar enough with the library (yet) to have the answer definitively.

What specific scenarios should we cover in automated tests to prevent reintroducing this issue in the future?

• Create a user with quotations in their name
  • Create an expense from that user, to another user
  • Navigate to reports
    • Enter string in search including type: expense from: [fromuser] to: [touser]
    • Verify that users are visually correct (should have background) [QUESTIONABLE]
    • Submit the search
      • Verify that the expense we created earlier is being shown

Like I said, this bug is only superficially with the UI, and is actually indicative of a deeper problem. If the search is the being performed correctly, then that means the UI should have the correct backgrounds (and thus the bug is fixed)

What alternative solutions did you explore? (Optional)

My first thought was to disallow double quotes in people's names.

That was last week, when I thought I had found other bugs associated with usernames containing double quotes, however when I looked back into it today, I found no such problems, and decided to give it a more thorough investigation.

For what it's worth, I think it's kind-of cool to be able to have your name show up as:

James "Jimmy" Neutron

Which is why I put in the effort to debug it thus far.

[gurus00]

@dukenv0307 I found the root cause of that problem
https://github.com/Expensify/App/blob/4ed92ac40e29c7ba46e4a7864def82e125637f5d/src/libs/SearchAutocompleteUtils.ts#L138C1-L146

function filterOutRangesWithCorrectValue(
    range: SearchAutocompleteQueryRange,
    userDisplayName: string,
    substitutionMap: SubstitutionMap,
    userLogins: SharedValue<string[]>,
    currencyList: SharedValue<string[]>,
    categoryList: SharedValue<string[]>,
    tagList: SharedValue<string[]>,
) {

We should fix this function.

Also peg$parse function of the autocompleteParser.js file should be fixed.

[sosek108]

@codekane

or else the end of the line

this shouldn't be done, as user might want to write some string to do more precise filters

[isabelastisser]

@dukenv0307, please follow up. Thanks!

[dukenv0307]

@isabelastisser on it now

[melvin-bot]

Triggered auto assignment to @rafecolton, see https://stackoverflow.com/c/expensify/questions/7972 for more details.

[rafecolton]

Just confirming in Slack (internal only) that this is a feature we want to support.

[rafecolton]

Assigning @luacmartins so he gets credit for the extensive review

[isabelastisser]

@codekane @dukenv0307, what's the PR status? Can you please provide an update? Thanks!

[codekane]

@isabelastisser It's been merged into main -- not yet deployed to staging (QA is ongoing, waiting until next cycle)

[isabelastisser]

Thanks for the update!

[melvin-bot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 9.1.23-7 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• Fix: Report- The search doesn't work if display name of user has Double quotes #58072

If no regressions arise, payment will be issued on 2025-04-14. 🎊

For reference, here are some details about the assignees on this issue:

• @codekane requires payment (Needs manual offer from BZ)
• @dukenv0307 requires payment through NewDot Manual Requests

[melvin-bot]

@dukenv0307 @isabelastisser @dukenv0307 The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed. Please copy/paste the BugZero Checklist from here into a new comment on this GH and complete it. If you have the K2 extension, you can simply click: [this button]

[dukenv0307]

BugZero Checklist:

• [Contributor] Classify the bug:

Bug classification

Source of bug:

• 1a. Result of the original design (eg. a case wasn't considered)
• 1b. Mistake during implementation
• 1c. Backend bug
• 1z. Other:

Where bug was reported:

• 2a. Reported on production
• 2b. Reported on staging (deploy blocker)
• 2c. Reported on a PR
• 2z. Other:

Who reported the bug:

• 3a. Expensify user
• 3b. Expensify employee
• 3c. Contributor
• 3d. QA
• 3z. Other:

• [Contributor] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake.

  Link to comment: New feature

• [Contributor] If the regression was CRITICAL (e.g. interrupts a core flow) A discussion in #expensify-open-source has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner.

  Link to discussion: N/A

• [Contributor] If it was decided to create a regression test for the bug, please propose the regression test steps using the template below to ensure the same bug will not reach production again. Yes

Regression Test Proposal Template

• [BugZero Assignee] Create a GH issue for creating/updating the regression test once above steps have been agreed upon.

  Link to issue:

Regression Test Proposal

Test:

• Precondition: Logged in, A workspace has a member who has Double quotes in his name (e.g: ["" Admin 1802 new])

1. Open app
2. Click on Reports tab
3. Use suuggestion to finish filter with info: status: all, from "" Admin 1802 new, to: BMA Owner 18023
4. Verify that: The value of the from filter should have blue background

Do we agree 👍 or 👎

[melvin-bot]

Payment Summary

Upwork Job

• ROLE: @codekane paid $(AMOUNT) via Upwork (LINK)
• Reviewer: @dukenv0307 owed $250 via NewDot

BugZero Checklist (@isabelastisser)

• I have verified the correct assignees and roles are listed above and updated the necessary manual offers
• I have verified that there are no duplicate or incorrect contracts on Upwork for this job (https://www.upwork.com/ab/applicants/1892236526130102736/hired)
• I have paid out the Upwork contracts or cancelled the ones that are incorrect
• I have verified the payment summary above is correct

[isabelastisser]

Payment summary:

@codekane $250 via Upwork for proposal JOB
C+ review @dukenv0307 owed $250 via NewDot

[isabelastisser]

@codekane what's your Upwork profile?

[codekane]

@isabelastisser

https://www.upwork.com/freelancers/~01d2add8e476e785ad

[isabelastisser]

Thanks, @codekane! I sent you an offer in Upwork.

All set!

[JmillsExpensify]

$250 approved for @dukenv0307