Closed Arklur closed 1 year ago
This is really critical as it could enable XSS!
we need a general function to escape these chars then, because it also happens in the costcalculator (and possibly everywhere where there is a guild name, so guild expedition(?) and guild battlegrounds)
Whatever you did within the last update: It made it worse:
It seems if the name of a guild includes the
<>
characters, the name is not shown, likely because the special characters are not escaped, become the part of the HTML itself:Windows 10 64 Bit Chrome 106.0.5249.119 (64 bit) us1 (Arvahall) 2.11.0.0 - English