fix: Sidebar message preview showing "undefined"

[gabriellsh]

Proposed changes (including videos or screenshots)

Issue(s)

CORE-1731

Steps to test or reproduce

Further comments

Summary by CodeRabbit

• Refactor

  • Unified message preview generation so navigation, sidebar, and sidepanel use a single, consistent preview path.

• Bug Fixes

  • Fixed cases where the sidebar/extended preview could display undefined when messages lacked previewable content.

• Tests

  • Added comprehensive tests covering previews: text, attachments, emoji/markdown, encryption/video cases, user-prefixing, and localization.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is targeting the wrong base branch. It should target 8.2.0, but it targets 8.1.0

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

🦋 Changeset detected

Latest commit: 9ce14ca

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 40 packages

Name	Type
@rocket.chat/meteor	Patch
@rocket.chat/core-typings	Patch
@rocket.chat/rest-typings	Patch
@rocket.chat/uikit-playground	Patch
@rocket.chat/api-client	Patch
@rocket.chat/apps	Patch
@rocket.chat/core-services	Patch
@rocket.chat/cron	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/fuselage-ui-kit	Patch
@rocket.chat/gazzodown	Patch
@rocket.chat/http-router	Patch
@rocket.chat/livechat	Patch
@rocket.chat/model-typings	Patch
@rocket.chat/ui-avatar	Patch
@rocket.chat/ui-client	Patch
@rocket.chat/ui-contexts	Patch
@rocket.chat/ui-voip	Patch
@rocket.chat/web-ui-registration	Patch
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/abac	Patch
@rocket.chat/federation-matrix	Patch
@rocket.chat/license	Patch
@rocket.chat/media-calls	Patch
@rocket.chat/omnichannel-services	Patch
@rocket.chat/pdf-worker	Patch
@rocket.chat/presence	Patch
rocketchat-services	Patch
@rocket.chat/models	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/omni-core-ee	Patch
@rocket.chat/mock-providers	Patch
@rocket.chat/ui-video-conf	Patch
@rocket.chat/instance-status	Patch
@rocket.chat/omni-core	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Walkthrough

Rename and consolidate message-preview utilities (normalizeNavigationMessage → normalizeMessagePreview, getNavigationMessagePreview → getMessagePreview), remove a legacy sidebar normalizer, update consumers to call the new utilities, and add Jest tests for both normalization and preview logic.

Changes

Cohort / File(s)	Summary
Core utility refactor apps/meteor/client/lib/utils/normalizeMessagePreview/normalizeMessagePreview.ts, apps/meteor/client/lib/utils/normalizeMessagePreview/getMessagePreview.ts	Rename exports to normalizeMessagePreview and getMessagePreview; compute a single normalizedMessage and reuse it across branches, simplifying control flow and replacing previous navigation-specific normalization calls.
Tests added apps/meteor/client/lib/utils/normalizeMessagePreview/getMessagePreview.spec.ts, apps/meteor/client/lib/utils/normalizeMessagePreview/normalizeMessagePreview.spec.ts	Add comprehensive Jest suites covering missing messages, video/E2EE cases, DM vs group behavior, sender prefixes, attachment/title/description selection, emoji/markdown/HTML handling, and i18n translation calls.
Sidebar consumer updates apps/meteor/client/sidebar/RoomList/SidebarItemTemplateWithData.tsx, apps/meteor/client/views/navigation/sidepanel/SidepanelItem/RoomSidePanelItem.tsx, apps/meteor/client/views/navigation/sidepanel/omnichannel/InquireSidePanelItem.tsx	Replace legacy helpers/imports with getMessagePreview / normalizeMessagePreview; remove the local getMessage helper in SidebarItemTemplateWithData and adjust memoization to consider lastMessage.msg.
Removed legacy utility apps/meteor/client/sidebar/RoomList/normalizeSidebarMessage.ts	Delete normalizeSidebarMessage; its responsibility is migrated to normalizeMessagePreview.
Changeset .changeset/polite-candles-punch.md	Add changeset noting fix for sidebar previews showing undefined.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested labels

stat: ready to merge, stat: QA assured

Suggested reviewers

• dougfabris
• cardoso

Poem

🐰 I nibbled through lines with a twitch and a hop,

Mended previews so “undefined” will stop,
Tests tucked me in with a tidy little cheer,
Now sidebars speak softly—no mystery here. 🥕✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the primary fix addressed in this PR: resolving the sidebar message preview displaying undefined.
Linked Issues check	✅ Passed	The PR successfully addresses the linked issue (CORE-1731) by consolidating duplicate message normalization logic and fixing the undefined preview display.
Out of Scope Changes check	✅ Passed	All changes are directly related to fixing the sidebar message preview undefined issue and consolidating related message normalization utilities.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/messagePreview

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 8 files

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@apps/meteor/client/lib/utils/normalizeMessagePreview/getMessagePreview.ts`:
- Around line 24-33: getMessagePreview currently interpolates sender labels
(lastMessage.u.name, lastMessage.u.username and t('You')) into HTML that may be
injected with dangerouslySetInnerHTML; escape or sanitize these labels before
concatenating to prevent XSS. In the getMessagePreview function, replace direct
interpolation of lastMessage.u.name/username and t('You') with an HTML-escaped
version (or return a structure that renders labels as plain text instead of
HTML) and ensure normalizedMessage remains the sanitized HTML payload; update
the branches that return `${t('You')}: ${normalizedMessage}` and
`${lastMessage.u.name || lastMessage.u.username}: ${normalizedMessage}` to use
the escapedLabel helper (or equivalent) so untrusted names cannot inject markup.

In
`@apps/meteor/client/views/navigation/sidepanel/omnichannel/InquireSidePanelItem.tsx`:
- Around line 31-32: The message preview can become the literal string
"undefined" because normalizeMessagePreview returns string | undefined; replace
its usage in InquireSidePanelItem.tsx by calling
getMessagePreview(room.lastMessage, t) when building the message variable
(currently using normalizeMessagePreview) and update imports to import
getMessagePreview instead of normalizeMessagePreview; ensure you keep the same
prefix logic (room.lastMessage && `${room.lastMessage.u.name ||
room.lastMessage.u.username}: ${...}`) so getMessagePreview supplies a safe
empty string rather than undefined.

🧹 Nitpick comments (1)

apps/meteor/client/lib/utils/normalizeMessagePreview/getMessagePreview.spec.ts (1)

126-152: Add a regression test for sender-name escaping.
Include a case where message.u.name contains HTML (e.g., <img ...>), and assert the preview contains escaped output.

[codecov]

Codecov Report

❌ Patch coverage is 94.44444% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 70.39%. Comparing base (b0a2011) to head (9ce14ca).
⚠️ Report is 1 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #38262      +/-   ##
===========================================
- Coverage    70.44%   70.39%   -0.06%     
===========================================
  Files         3162     3161       -1     
  Lines       110340   110639     +299     
  Branches     19841    19973     +132     
===========================================
+ Hits         77726    77880     +154     
- Misses       30581    30733     +152     
+ Partials      2033     2026       -7     

Flag	Coverage Δ
e2e	60.35% <57.14%> (-0.05%)	⬇️
e2e-api	47.80% <ø> (-0.02%)	⬇️
unit	71.40% <100.00%> (-0.06%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

📦 Docker Image Size Report

➡️ Changes

Service	Current	Baseline	Change	Percent
sum of all images	0B	0B	0B
account-service	0B	0B	0B
authorization-service	0B	0B	0B
ddp-streamer-service	0B	0B	0B
omnichannel-transcript-service	0B	0B	0B
presence-service	0B	0B	0B
queue-worker-service	0B	0B	0B
rocketchat	0B	0B	0B

📊 Historical Trend

---
config:
  theme: "dark"
  xyChart:
    width: 900
    height: 400
---
xychart
  title "Image Size Evolution by Service (Last 30 Days + This PR)"
  x-axis ["11/18 22:53", "11/19 23:02", "11/21 16:49", "11/24 17:34", "11/27 22:32", "11/28 19:05", "12/01 23:01", "12/02 21:57", "12/03 21:00", "12/04 18:17", "12/05 21:56", "12/08 20:15", "12/09 22:17", "12/10 23:26", "12/11 21:56", "12/12 22:45", "12/13 01:34", "12/15 22:31", "12/16 22:18", "12/17 21:04", "12/18 23:12", "12/19 23:27", "12/20 21:03", "12/22 18:54", "12/23 16:16", "12/24 19:38", "12/25 17:51", "12/26 13:18", "12/29 19:01", "12/30 20:52", "02/04 17:04 (PR)"]
  y-axis "Size (GB)" 0 --> 0.5
  line "account-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.00]
  line "authorization-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.00]
  line "ddp-streamer-service" [0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.00]
  line "omnichannel-transcript-service" [0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.00]
  line "presence-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.00]
  line "queue-worker-service" [0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.00]
  line "rocketchat" [0.35, 0.35, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.00]

Loading

Statistics (last 30 days):

• 📊 Average: 1.5GiB
• ⬇️ Minimum: 1.4GiB
• ⬆️ Maximum: 1.6GiB
• 🎯 Current PR: 0B

ℹ️ About this report

This report compares Docker image sizes from this build against the develop baseline.

• Tag: pr-38262
• Baseline: develop
• Timestamp: 2026-02-04 17:04:37 UTC
• Historical data points: 30

---

Updated: Wed, 04 Feb 2026 17:04:37 GMT

[dougfabris]

I loved the refactor here, but we should split it from the fix

[gabriellsh]

I loved the refactor here, but we should split it from the fix

I decided to one shot this one because both places suffer from the same issue, and both the "refactored" functions were duplicates (one of which was outdated). If I fixed a single place, we'd still have the issue, if I had fixed both independently, it would look really silly dont you think?

One of the places was having the same issue (showing "undefined") for encrypted messages, so I would also have had to copy the missing part from the other function. Seemed too counterproductive to me.