coding-buddies-discord / cb-bots


verify for code injection. #22

Closed simshadows closed 1 year ago

simshadows commented 2 years ago

For example, I demonstrated this by setting my alt account's username to lmao **ayy** lmao. This leads to:

ayy

Fortunately, the Discord UI prevents us from setting usernames that include @ or # symbols, which is a layer of prevention for a lot of user and channel mentions (including the @everyone mention). However, I still think @ and # should also be looked into for escaping. I suggest either checking if @ and # are restricted server-side, or maybe implementing the escapes anyway if it's easy and cheap to do so.

cubiquitous commented 2 years ago

As far as I can see, escaping all Discord markdown characters is the only solution there.

simshadows commented 2 years ago

Yeah, I can see it being a valid solution, and it'll be piss easy to implement.

cubiquitous commented 2 years ago

Although this issue has been solved since #36, we should be careful about code injection. In fact, #36 needed an extra fix (#40) to deal with HTML injection.

Due to this, I'm pinning this issue.
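Escaping per output sink, as an added example that is not code from the cb-bots repository: it implements the "escape all Discord markdown characters" step cubiquitous proposes above, breaks the @/# mention syntax simshadows asked about, and handles the separate HTML sink that the #36/#40 follow-up mentions with HTML entity escaping rather than markdown escaping. The function names, the welcome-message template and the sample username are constructed for illustration.

```python
import html
import re

# Characters Discord's renderer treats as markdown: bold/italic (*, _),
# strikethrough (~), code (`), spoiler (|), quote (>) and the backslash itself,
# which must be escaped too so an attacker cannot cancel our escaping.
_MARKDOWN_CHARS = re.compile(r"([\\*_~`|>])")

# A zero-width space breaks mention parsing without visibly changing the text.
ZWSP = "\u200b"


def escape_markdown(text: str) -> str:
    """Backslash-escape every markdown control character in one pass."""
    return _MARKDOWN_CHARS.sub(r"\\\1", text)


def neutralize_mentions(text: str) -> str:
    """Defuse @everyone/@here, <@id>/<@!id>/<@&id> and <#id> mention syntax.

    Inserting a zero-width space after '@' and between '<' and '#' keeps the
    characters readable while Discord no longer recognises them as mentions.
    """
    return text.replace("@", "@" + ZWSP).replace("<#", "<" + ZWSP + "#")


def safe_discord_text(untrusted: str) -> str:
    """Sanitise untrusted text (e.g. a username) before interpolating it into a
    Discord message. Markdown first, then mentions, so neither step undoes the other."""
    return neutralize_mentions(escape_markdown(untrusted))


def safe_html_text(untrusted: str) -> str:
    """Same input, different sink: for an HTML page the right escaping is
    entity encoding (including quotes), not markdown backslashes."""
    return html.escape(untrusted, quote=True)


def format_welcome(username: str) -> str:
    """Hypothetical bot message template; the username is untrusted input."""
    return f"Welcome, {safe_discord_text(username)}!"


if __name__ == "__main__":
    # Constructed sample: the username from the issue report above.
    print(format_welcome("lmao **ayy** lmao"))
    print(safe_discord_text("@everyone <@123> look at <#456>"))
    print(safe_html_text('<script>alert("x")</script>'))
```

Escaping is chosen by where the text ends up, not by where it came from: the same username needs `safe_discord_text` for a chat message and `safe_html_text` for a web page, and applying one in place of the other is exactly how a fix for markdown injection can leave HTML injection open. Libraries such as discord.py ship equivalents (`discord.utils.escape_markdown` and `discord.utils.escape_mentions`) that can replace the hand-rolled functions here.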