Text Mesh Pro - Could Rich Text / Escape Characters Be Abused?

AebiDaPa · April 12, 2019, 4:08pm

Maybe a bit of a dumb question but what would be the worst way (if there’s any) a user with an input field could abuse rich text editing / escape characters … anything like this to ruin the user experience for other users seeing the text?
would it be only visual or could he for example type <link=“scam.exe”> inside the input field and spread a virus ;)?

i don’t want to disable these options if possible since i’m using them myself.

Cheers

Stephan_B · April 12, 2019, 5:30pm

Tags that are not understood or invalid are simply displayed as text. It is not possible to hijack a tags like in your example <link=“scam.exe”> as for example “<link=“ID”>the words the show up” the ID just represents a unique ID for you in your own code to know what tag is being interacted with and to implement some functionality based on that ID. So this is just an ID and doesn’t do / mean anything. It is passive.

Topic		Replies	Views
Rich text exploit with TMP Unity Engine UGUI , TextMesh-Pro , com_unity_textmeshpro	7	4585	January 2, 2023
richtext in inputfield Unity Engine UGUI	2	3127	November 25, 2015
Issue with Rich Text and return. Unity Engine UGUI	3	2030	April 17, 2015
[uGUI] Rich Text markup and anchor tags Unity Engine UGUI	5	5233	May 29, 2015
How to escape tags Unity Engine UGUI , TextMesh-Pro , com_unity_textmeshpro	2	2304	March 12, 2020

Text Mesh Pro - Could Rich Text / Escape Characters Be Abused?

Related topics