Values injected into the template should be escaped

[bobcatfish]

Expected Behavior

It should be possible for me to pass along the body of a github pull request event to a TaskRun + Task.

Actual Behavior

When I'm trying to trigger from a pull request and pass along the description of the pull request to a Task, I run into trouble b/c the description contains characters like \r and \n and I can't figure out how to escape this in the template properly :S

Steps to Reproduce the Problem

Example trigger binding I was using:

---
apiVersion: tekton.dev/v1alpha1
kind: TriggerBinding
metadata:
  name: bobcatfish-review-pipelinebinding
spec:
  params:
    - name: gitrevision
      value: $(body.pull_request.head.sha)
    - name: gitrepositoryurl
      value: "https://github.com/$(body.repository.full_name)"
    - name: pullrequesturl
      value: $(body.pull_request.html_url)
    - name: body
      value: $(body.pull_request.body) # <-- this is where im getting the description of the pull request

Here is an example of the body field of the pull request:

"body": "# Changes\r\n\r\nHI THERE HAHAHA HAHAHA\r\n\r\n# Submitter Checklist\r\n\r\nThese are the criteria that every PR should meet, please check them off as you\r\nreview them:\r\n\r\n- [ ] Includes [tests](https://github.com/tektoncd/community/blob/master/standards.md#principles) (if functionality changed/added)\r\n- [ ] Includes [docs](https://github.com/tektoncd/community/blob/master/standards.md#principles) (if user facing)\r\n- [ ] Commit messages follow [commit message best practices](https://github.com/tektoncd/community/blob/master/standards.md#commit-messages)\r\n\r\n_See [the contribution guide](https://github.com/tektoncd/pipeline/blob/master/CONTRIBUTING.md) for more details._\r\n\r\nDouble check this list of stuff that's easy to miss:\r\n\r\n- If you are adding [a new binary/image to the `cmd` dir](../cmd), please update\r\n  [the release Task](../tekton/publish.yaml) to build and release this image.\r\n\r\n## Reviewer Notes\r\n\r\nIf [API changes](https://github.com/tektoncd/pipeline/blob/master/api_compatibility_policy.md) are included, [additive changes](https://github.com/tektoncd/pipeline/blob/master/api_compatibility_policy.md#additive-changes) must be approved by at least two [OWNERS](https://github.com/tektoncd/pipeline/blob/master/OWNERS) and [backwards incompatible changes](https://github.com/tektoncd/pipeline/blob/master/api_compatibility_policy.md#backwards-incompatible-changes) must be approved by [more than 50% of the OWNERS](https://github.com/tektoncd/pipeline/blob/master/OWNERS), and they must first be added [in a backwards compatible way](https://github.com/tektoncd/pipeline/blob/master/api_compatibility_policy.md#backwards-compatible-changes-first).\r\n\r\n# Release Notes\r\n\r\n```\r\nDescribe any user facing changes here, or delete this block.\r\n\r\nExamples of user facing changes:\r\n- API changes\r\n- Bug fixes\r\n- Any changes in behavior\r\n\r\n```\r\n",

Here is the template I was trying to use:

apiVersion: tekton.dev/v1alpha1
kind: TriggerTemplate
metadata:
  name: bobcatfish-review-triggertemplate
spec:
  params:
    - name: gitrevision
      description: The git revision
      default: master
    - name: gitrepositoryurl
      description: The git repository url
    - name: pullrequesturl
      description: The url of the pull reuqest
    - name: body
  resourcetemplates:
    - apiVersion: tekton.dev/v1alpha1
      kind: PipelineResource
      metadata:
        name: pr-$(uid)
      spec:
        type: pullRequest
        params:
        - name: url
          value: $(params.pullrequesturl)
        secrets:
        - secretName: webhook-secret
          secretKey: token
          fieldName: githubToken
    - apiVersion: tekton.dev/v1alpha1
      kind: PipelineResource
      metadata:
        name: source-repo-$(uid)
      spec:
        type: git
        params:
        - name: revision
          value: $(params.gitrevision)
        - name: url
          value: $(params.gitrepositoryurl)
    - apiVersion: tekton.dev/v1alpha1
      kind: TaskRun
      metadata:
        name: tr-bobcatfish-review-$(uid)
      spec:
        taskRef:
          name: release-notes
        inputs:
          params:
          - name: message
            value: $(params.body) # <-- this is where it all falls apart
          resources:
            - name: repo
              resourceRef:
                name: source-repo-$(uid)

I end up with an error like:

"the object provided is unrecognized (must be of type TaskRun): couldn't get version/kind; json parse error: invalid character '\r' in string literal ({"apiVersion":"tekton.dev/v1al ...)" 

Additional Info

I can't tell if this is a bug or (I'm hoping!) there is some way I can specify the $(params.body) in the trigger template such that the values being passed along can be properly escaped.

[ncskier]

Unfortunately, I think that this is a bug. This is related to issue #257.

However, it might be possible to get around this by escaping the body in the interceptor, and passing the escaped body out of the interceptor?

[bobcatfish]

However, it might be possible to get around this by escaping the body in the interceptor, and passing the escaped body out of the interceptor?

Oh interesting! Maybe that'll work 🤔 that means I'd have to write it in a service tho - i feel like fixing it might be easier XD. This was for a POC I was putting together, if the bug's still around when i get back to it I'll try that out @ncskier :pray :D