MALClient icon indicating copy to clipboard operation
MALClient copied to clipboard

Published 20 hours ago verified publisher icon Drutol

Bug: HTML encoding in anime comments

Open DyspC opened this issue 5 years ago • 0 comments

System

  • MALClient Version: 1.5.0.3
  • Platform: Android
  • Also with Windows app on version 5.5.2.0

Description

When increasing the watch count on an anime (whether by swiping on the pic or pressing the + button), the comment associated to that anime on the user's list gets edited following HTML encoding rules (https://www.w3schools.com/html/html_entities.asp) but it's not needed (appears encoded on MAL) Of course, the & gets encoded over and over

It's not on my list's restitution, here's the request MAL does to its backend before and after increasing:

$ curl -s 'https://myanimelist.net/includes/ajax-no-auth.inc.php?t=6' -H 'cookie: MALSESSIONID=rh8m4ta311o0m5k9vs2oeddj24; MALHLOGSESSID=f80ebe2484145d3831d82aeec9bb632e; m_gdpr_mdl=1' -H 'origin: https://myanimelist.net' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7' -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36' -H 'content-type: application/x-www-form-urlencoded; charset=UTF-8' -H 'accept: application/json, text/javascript, */*; q=0.01' -H 'referer: https://myanimelist.net/animelist/Dysp?s=haiyo' -H 'authority: myanimelist.net' -H 'x-requested-with: XMLHttpRequest' -H 'dnt: 1' --data 'color=1&id=11785&memId=3846815&type=anime&csrf_token=80d028f62a043516e2f9142a0bdf1f0003e3d905' --compressed | grep -o "Report issue github.*\""
Report issue github<br \/>\r\n&amp;&nbsp;<br><\/td>\n                        <\/tr>\n                        <\/table>\n                "

$ curl -s 'https://myanimelist.net/includes/ajax-no-auth.inc.php?t=6' -H 'cookie: MALSESSIONID=rh8m4ta311o0m5k9vs2oeddj24; MALHLOGSESSID=f80ebe2484145d3831d82aeec9bb632e; m_gdpr_mdl=1' -H 'origin: https://myanimelist.net' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7' -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36' -H 'content-type: application/x-www-form-urlencoded; charset=UTF-8' -H 'accept: application/json, text/javascript, */*; q=0.01' -H 'referer: https://myanimelist.net/animelist/Dysp?s=haiyo' -H 'authority: myanimelist.net' -H 'x-requested-with: XMLHttpRequest' -H 'dnt: 1' --data 'color=1&id=11785&memId=3846815&type=anime&csrf_token=80d028f62a043516e2f9142a0bdf1f0003e3d905' --compressed | grep -o "Report issue github.*\""
Report issue github<br \/>\r\n&amp;amp;&nbsp;<br><\/td>\n                        <\/tr>\n                        <\/table>\n                "

Example:

Screenshot

Reproduce:

Simply write one of those & " ' in your comment section and increase the count from the app

DyspC avatar Jun 09 '19 17:06 DyspC