html rendering vuln in posting telegram scams to telegram scam room

jjj333-p / spam-police

A matrix bot to monitor and respond to investment scam spamming across the matrix platform, for example in rooms with a permanently offline admin.

GNU Affero General Public License v3.0

21 stars 8 forks source link

Closed jjj333-p closed 10 months ago

jjj333-p commented 1 year ago

html can be sent in original message and it gets rendered in the posting by bot

jjj333-p commented 1 year ago

could inject a invis character inbetween each char, before feeding it to the function

jjj333-p commented 1 year ago

jjj333-p commented 12 months ago

bot also passes through mentions

jjj333-p commented 10 months ago