If you input \ into the crafting window it causes a UI error.
TypeError: Cannot read property ‘job_name’ of undefined
TypeError: Cannot read property ‘length’ of undefinded at null._orderCompleted
Thanks for pointing this one out. Most characters seem to be fine, but it looks like a handful have interesting results.
I did some additional testing and found some more characters that can break the UI:
\ |{}
Of interest here is the fact that those characters relate exactly to the hotkeys used for the slice view in the UI (\ turns slice view on, [ lowers the view, ] raises the view). I’m going to bet it turns out to be an issue with those hotkey commands interfering with the code for the input box on the crafting window.
Most other hotkeys also work when typing into an input box too (although depending on the situation they might have no effect).
2 Likes
[]{} are also JSON, and / is often seen in file paths. We might accidentally have done this sort of thing:
Of course, that may not be the case. It may indeed be hotkey related, and Radiant’s code may be perfectly injection safe. But why would I miss the opportunity to quote xkcd?
3 Likes
I guess it could be a sanitization error. I forgot that back slash \ is used as an escape character in json. It’s possible that double quotes " doesn’t cause an error because it’s the only character that is already sanitized.
2 Likes