BOD Book naming code

Discussion in 'Bug Reports' started by Erlkonig, Jul 23, 2015.

  1. Erlkonig

    Erlkonig Well-Known Member
    UO:R Subscriber

    Joined:
    Jun 14, 2015
    Messages:
    1,131
    Likes Received:
    1,165
    I noticed after renaming a BOD book Garbage\ that the backslash would insert a </font> at the end of the name. So I renamed the book <basefont color=red>G\ and it applied the </font> which caused the title in the bod to turn red.
    bodd.png
    Zyler likes this.
  2. Chris

    Chris Renaissance Staff
    Renaissance Staff

    Joined:
    May 14, 2012
    Messages:
    3,385
    Likes Received:
    6,195
    This is actually intended behavior. There is actually some very low level HTML tagging going on in some of the gumps ingame. So when you use that character it can break that section of the display, but otherwise cause no other issues.

    Ill take a look at sanitizing the input for "/"/"><" in the future.
  3. Mindless

    Mindless Well-Known Member
    UO:R Subscriber

    Joined:
    Aug 21, 2014
    Messages:
    1,357
    Likes Received:
    1,153
    Security Alert: Watch out for SQL ... err HTML injections! (Kidding of course)

Share This Page