AkkomaGang/akkoma

Fork 117

[bug] Invalid emoji ID in EmojiReact activity #1042

New issue

Closed

opened 2026-01-04 18:25:15 +00:00 by silverpill · 5 comments

silverpill commented

2026-01-04 18:25:15 +00:00

Your setup

No response

Extra details

No response

Version

3.17.0

PostgreSQL version

No response

What were you trying to do?

I receive emoji reaction activity where Emoji object has ID that is not properly encoded. The problem is similar to #820.

What did you expect to happen?

ID should be a valid URI (or not included at all, as was decided in #820)

What actually happened?

The name of emoji pack in id and icon.url is not encoded

Logs

No response

Severity

I can manage

Have you searched for this issue?

I have double-checked and have not found this issue mentioned anywhere.

### Your setup _No response_ ### Extra details _No response_ ### Version 3.17.0 ### PostgreSQL version _No response_ ### What were you trying to do? I receive emoji reaction activity where Emoji object has ID that is not properly encoded. The problem is similar to https://akkoma.dev/AkkomaGang/akkoma/issues/820. ### What did you expect to happen? ID should be a valid URI (or not included at all, as was decided in https://akkoma.dev/AkkomaGang/akkoma/issues/820) ### What actually happened? The name of emoji pack in `id` and `icon.url` is not encoded ### Logs _No response_ ### Severity I can manage ### Have you searched for this issue? - [ ] I have double-checked and have not found this issue mentioned anywhere.

silverpill added the

bug

label

2026-01-04 18:25:15 +00:00

silverpill commented

2026-01-04 18:26:52 +00:00

Author

Pleroma bug report: https://git.pleroma.social/pleroma/pleroma/-/issues/3389
Also, one of Pleroma devs asked me to include this in my report, because you might find it useful: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/4364

Pleroma bug report: https://git.pleroma.social/pleroma/pleroma/-/issues/3389 Also, one of Pleroma devs asked me to include this in my report, because you might find it useful: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/4364

Oneric commented

2026-01-04 18:59:48 +00:00

Owner

We (should) never sent out Emoji objects with an id field. Are you sure you get those activities from up-to-date, unpatched Akkoma instances?

We (should) never sent out Emoji objects with an `id` field. Are you _sure_ you get those activities from up-to-date, unpatched Akkoma instances?

Oneric commented

2026-01-04 19:09:48 +00:00

Owner

ok, for whatever reason, emoji reaction builder in web/activity_pub/builder.ex does not use the same "Emoji" template as others, but a bespoke "Emoj" template which actually still contains bogus "id" fields…

ok, for whatever reason, emoji reaction builder in `web/activity_pub/builder.ex` does not use the same `"Emoji"` template as others, but a bespoke `"Emoj"` template which actually still contains bogus `"id"` fields…

👀 1

silverpill commented

2026-01-04 19:14:04 +00:00

Author

No, I am not 100% sure, I only verified it on Pleroma.
But the original report came from an Akkoma user: https://portal.gb0.dev/nodeinfo/2.1.json

No, I am not 100% sure, I only verified it on Pleroma. But the original report came from an Akkoma user: https://portal.gb0.dev/nodeinfo/2.1.json

Oneric referenced this issue from a commit

2026-01-05 03:16:26 +00:00

fed/out: also represent emoji as anonymous objects in reactions

Oneric referenced this issue

2026-01-05 03:24:52 +00:00

Various fixes #1043

Oneric referenced this issue from a commit

2026-01-05 03:25:35 +00:00

fed/out: also represent emoji as anonymous objects in reactions

Oneric referenced this issue from a commit

2026-01-05 03:34:56 +00:00

fed/out: also represent emoji as anonymous objects in reactions

Oneric referenced this issue from a commit

2026-01-05 04:02:14 +00:00

fed/out: also represent emoji as anonymous objects in reactions

Oneric closed this issue

2026-01-05 14:38:33 +00:00

phnt commented

2026-03-07 19:06:34 +00:00

Contributor

Sorry for the late reply, this got closed before a fix landed in Pleroma and then I promptly forgot about it.

Using URI.encode from Elixir's standard library is not sufficient to fix this. The docs aren't very clear about it and recently changed which made it even less clear, but URLs like: https://example.com/emoji/funny?pack/touching[grass].png will be left completely unencoded. URI.encode only encodes characters that are forbidden in the whole URI and not just the Path segment of it. Using URI.char_unreserved? as a URI.encode predicate isn't proper either as that is too greedy.

I'm the one that told @silverpill to mention the MR from Pleroma which includes a URIEncoding module that mostly fixes the Elixir module along with other bug fixes regarding URI encoding in Pleroma which also should still affect Akkoma afaik.

Since the move to Forgejo, the old Gitlab MR can now be found at https://old.git.pleroma.social/pleroma/pleroma/-/merge_requests/4364 until April.
Pleroma MR that also fixed this emoji encoding issue here on old Gitlab: https://old.git.pleroma.social/pleroma/pleroma/-/merge_requests/4417

If you want an example emoji with a completely valid URL and filename that should also break in Akkoma: https://pl.borked.technology/emoji/weird emoji/touching?%20[草].png
Note: The URL should be used as-is even though Forgejo split it. In other words, it needs to be double-encoded since that is the actual name of the emoji pack and name of the file.
This is how it should look in the end: https://pl.borked.technology/emoji/weird%20emoji/touching%3F%2520%5B%E8%8D%89%5D.png

Sorry for the late reply, this got closed before a fix landed in Pleroma and then I promptly forgot about it. Using [`URI.encode`](https://hexdocs.pm/elixir/URI.html#encode/2) from Elixir's standard library is not sufficient to fix this. The docs aren't very clear about it and recently changed which made it even less clear, but URLs like: `https://example.com/emoji/funny?pack/touching[grass].png` will be left completely unencoded. `URI.encode` only encodes characters that are forbidden in the whole URI and not just the Path segment of it. Using `URI.char_unreserved?` as a `URI.encode` predicate isn't proper either as that is too greedy. I'm the one that told @silverpill to mention the MR from Pleroma which includes a `URIEncoding` module that mostly fixes the Elixir module along with other bug fixes regarding URI encoding in Pleroma which also should still affect Akkoma afaik. Since the move to Forgejo, the old Gitlab MR can now be found at https://old.git.pleroma.social/pleroma/pleroma/-/merge_requests/4364 until April. Pleroma MR that also fixed this emoji encoding issue here on old Gitlab: https://old.git.pleroma.social/pleroma/pleroma/-/merge_requests/4417 If you want an example emoji with a completely valid URL and filename that should also break in Akkoma: https://pl.borked.technology/emoji/weird emoji/touching?%20[草].png Note: The URL should be used as-is even though Forgejo split it. In other words, it needs to be double-encoded since that is the actual name of the emoji pack and name of the file. This is how it should look in the end: https://pl.borked.technology/emoji/weird%20emoji/touching%3F%2520%5B%E8%8D%89%5D.png

No milestone

No project

No assignees

3 participants

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

AkkomaGang/akkoma#1042

No description provided.

Rows
Columns