• Throwaway
    9 months ago

    Why would exporting a URL break JS? No one would be stupid enough to run JS from an input. This isn’t like a SQL query where you might think to put a string directly into a search query. You would have to actively add this exploit in.

    • kromem@lemmy.world
      9 months ago

      It’s not executing the code.

      Their message contains brackets, which is what the template engine is using to determine variations.

      So the unsanitized user message is being processed by the template engine, probably kills it with invalid formatting, and the engine no longer applies the templating to the rest of the message, leaving the variations in the text sent to the messaging app.
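
The failure mode described in the reply above, as an added example that is not from the thread or from the software being discussed. The `{a|b}` variation syntax, the `%MSG%` placeholder and all function names are assumptions; the thread only says the engine uses brackets. It contrasts splicing user text in before parsing with expanding the trusted template first.

```python
import random
import re

# Hypothetical spintax-style syntax (assumed): "{a|b}" renders as "a" or "b".
GROUP = re.compile(r"\{([^{}]*)\}")  # innermost group, no nested braces

def expand(text, rng):
    """Pick one option per group; raise ValueError on unbalanced braces."""
    depth = 0
    for ch in text:
        depth += (ch == "{") - (ch == "}")
        if depth < 0:
            raise ValueError("unexpected '}'")
    if depth:
        raise ValueError("unclosed '{'")
    while GROUP.search(text):
        text = GROUP.sub(lambda m: rng.choice(m.group(1).split("|")), text)
    return text

def render_unsafe(template, user_msg, rng):
    """User text is spliced in before parsing, as the comment describes."""
    raw = template.replace("%MSG%", user_msg)
    try:
        return expand(raw, rng)
    except ValueError:
        return raw  # fail-open: unexpanded groups reach the recipient

def render_safe(template, user_msg, rng):
    """Expand only the trusted template, then insert user text verbatim."""
    return expand(template, rng).replace("%MSG%", user_msg)

# Constructed sample data, not taken from the thread.
TEMPLATE = "{Hi|Hello}, {thanks|thank you} for writing: %MSG%"
USER_MSG = "my config is {broken"

if __name__ == "__main__":
    rng = random.Random(0)
    print(render_unsafe(TEMPLATE, USER_MSG, rng))
    print(render_safe(TEMPLATE, USER_MSG, rng))
```

With a balanced input such as `{a|b}` the unsafe path does not fail at all; it lets the sender's text be parsed as a variation group, which the safe path also avoids.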