It seems you can work around this by simply saying "Dave and amp semi-colon Busters" in order to get around it. It's a bit of a mouth full, but at least there's a workaround.
Not sure if joking, but presumably that then just wouldn't trigger this behaviour:
> If you happen to pronounce the name “Dave and Buster’s” as someone would normally pronounce it, almost like it’s a single word, the transcription engine on iOS will recognize¹ the brand name and correctly write it as “Dave & Buster’s” (with an ampersand).
I think the point of BlastDoor, as covered in the post, is that Apple is indeed working to prevent injection at the cost of silently failing & poorly handling legitimate messages.
> By being pedantic about the formatting, BlastDoor is protecting the recipient from an exploit that would abuse that type of issue.
So, not impossible, but less likely than you think
The code was written by Chuck E. Cheese.
It seems you can work around this by simply saying "Dave and amp semi-colon Busters" in order to get around it. It's a bit of a mouth full, but at least there's a workaround.
Not sure if joking, but presumably that then just wouldn't trigger this behaviour:
> If you happen to pronounce the name “Dave and Buster’s” as someone would normally pronounce it, almost like it’s a single word, the transcription engine on iOS will recognize¹ the brand name and correctly write it as “Dave & Buster’s” (with an ampersand).
Honestly, it’s disappointing OP didn’t do this and show the XHTML that came through.
I wonder whether any interesting HTML injection tricks could be done by exploiting autocorrect in the same way.
I think the point of BlastDoor, as covered in the post, is that Apple is indeed working to prevent injection at the cost of silently failing & poorly handling legitimate messages.
> By being pedantic about the formatting, BlastDoor is protecting the recipient from an exploit that would abuse that type of issue.
So, not impossible, but less likely than you think