It seems you can work around this by simply saying "Dave and amp semi-colon Busters" in order to get around it. It's a bit of a mouth full, but at least there's a workaround.
I think the point of BlastDoor, as covered in the post, is that Apple is indeed working to prevent injection at the cost of silently failing & poorly handling legitimate messages.
> By being pedantic about the formatting, BlastDoor is protecting the recipient from an exploit that would abuse that type of issue.
So, not impossible, but less likely than you think
It seems you can work around this by simply saying "Dave and amp semi-colon Busters" in order to get around it. It's a bit of a mouth full, but at least there's a workaround.
Honestly, it’s disappointing OP didn’t do this and show the XHTML that came through.
I wonder whether any interesting HTML injection tricks could be done by exploiting autocorrect in the same way.
I think the point of BlastDoor, as covered in the post, is that Apple is indeed working to prevent injection at the cost of silently failing & poorly handling legitimate messages.
> By being pedantic about the formatting, BlastDoor is protecting the recipient from an exploit that would abuse that type of issue.
So, not impossible, but less likely than you think