"<" (less than sign) doesnt show up in the chat, removes everything after it

[rowleto]

Pretty self explanatory. I sent a variety of messages and all of them featuring the "less than" symbol got truncated in one way or another. Tested both in the hero sandbox and in a private bot match.

View attachment rec.mp4

 

[kq_bien]

Seems XSS prevention was implemented in a weird way, hence why the text following a > doesn't get cutoff. "< abc def > xyz" renders only "xyz".
Weridly enough, typing &lt; renders a "<" just fine in the bottom chat, but not the top 'dialog box' chat.

Actually attempting to render HTML elements by typing <iframe src=""></iframe> (<iframe src=""></iframe>) didn't work.
But <h1>TEST (<h1>TEST) made the top text tiny, which is 99% a spooky exploit...
It seems that Deadlock uses its own XML style chat formatting system...I wonder what tags change the text color?

 

[Krotti]

Yep, you can inject HTML with that and load images. Possibly a bad thing?

 

[Giamiester]

Yeah this can be bad and is not sanitised (insert New World MMO PTSD flashbacks here)

 

[Anx]

Great find

 

[maniac1122]

KISAK!! Top 10 tricks divine gamers hate!

 

[phplordu]

you can ip log with this. As covered in this post

 

[Beamic]

you can ip log with this. As covered in this post

Glad my IP could be of service LOL