diff --git a/src/main/java/pro/cloudnode/smp/bankaccounts/commands/BankCommand.java b/src/main/java/pro/cloudnode/smp/bankaccounts/commands/BankCommand.java
index 4684e04..928cc75 100644
--- a/src/main/java/pro/cloudnode/smp/bankaccounts/commands/BankCommand.java
+++ b/src/main/java/pro/cloudnode/smp/bankaccounts/commands/BankCommand.java
@@ -397,6 +397,14 @@ public static void setName(@NotNull CommandSender sender, String[] args, String
String name = String.join(" ", Arrays.copyOfRange(args, 1, args.length)).trim();
name = name.length() > 32 ? name.substring(0, 32) : name;
name = name.length() == 0 ? null : name;
+
+ if (name != null && (name.contains("<") || name.contains(">"))) {
+ sender.sendMessage(MiniMessage.miniMessage().deserialize(Objects.requireNonNull(BankAccounts.getInstance().getConfig().getString("messages.errors.disallowed-characters")),
+ Placeholder.unparsed("characters", "<>")
+ ));
+ return;
+ }
+
account.get().name = name;
account.get().update();
sender.sendMessage(Account.placeholders(Objects.requireNonNull(BankAccounts.getInstance().getConfig().getString("messages.name-set")), account.get()));
@@ -532,6 +540,13 @@ public static void transfer(@NotNull CommandSender sender, String[] args, String
String description = args.length > 3 ? String.join(" ", Arrays.copyOfRange(args, 3, args.length)).trim() : null;
if (description != null && description.length() > 64) description = description.substring(0, 64);
+ if (description != null && (description.contains("<") || description.contains(">"))) {
+ sender.sendMessage(MiniMessage.miniMessage().deserialize(Objects.requireNonNull(BankAccounts.getInstance().getConfig().getString("messages.errors.disallowed-characters")),
+ Placeholder.unparsed("characters", "<>")
+ ));
+ return;
+ }
+
if (!confirm && BankAccounts.getInstance().getConfig().getBoolean("transfer-confirmation.enabled")) {
// show confirmation if amount is above this
BigDecimal minAmount = BigDecimal.valueOf(BankAccounts.getInstance().getConfig().getDouble("transfer-confirmation.min-amount"));
diff --git a/src/main/java/pro/cloudnode/smp/bankaccounts/commands/POSCommand.java b/src/main/java/pro/cloudnode/smp/bankaccounts/commands/POSCommand.java
index ccfc894..ef8df51 100644
--- a/src/main/java/pro/cloudnode/smp/bankaccounts/commands/POSCommand.java
+++ b/src/main/java/pro/cloudnode/smp/bankaccounts/commands/POSCommand.java
@@ -110,6 +110,13 @@ public boolean onCommand(final @NotNull CommandSender sender, final @NotNull Com
final @Nullable String description = args.length > 2 ? String.join(" ", Arrays.copyOfRange(args, 2, args.length)) : null;
+ if (description != null && (description.contains("<") || description.contains(">"))) {
+ sender.sendMessage(MiniMessage.miniMessage().deserialize(Objects.requireNonNull(BankAccounts.getInstance().getConfig().getString("messages.errors.disallowed-characters")),
+ Placeholder.unparsed("characters", "<>")
+ ));
+ return true;
+ }
+
final POS pos = new POS(target.getLocation(), price, description, account.get(), new Date());
pos.save();
player.sendMessage(replacePlaceholders(Objects.requireNonNull(BankAccounts.getInstance().getConfig().getString("messages.pos-created")), pos));
diff --git a/src/main/resources/config.yml b/src/main/resources/config.yml
index 48a23a8..76b5be2 100644
--- a/src/main/resources/config.yml
+++ b/src/main/resources/config.yml
@@ -280,6 +280,9 @@ messages:
no-card: "(!) You must hold your bank card to use this."
pos-items-changed: "(!) The items in the chest have changed. POS cancelled."
pos-create-business-only: "(!) You can only create a POS with a business account."
+ # Provided string includes disallowed characters
+ # Placeholder: - the disallowed characters
+ disallowed-characters: "(!) The provided string contains disallowed characters: "
# Account balance
# Available placeholders: