deleted
Assigned
Reported
MC-211548
Drowned's do not copy the NBT of their Tridents when thrown
Duplicate
MC-145544
Buttons on command blocks don't line up with the texture
Duplicate
WEB-268
XSS vuln on beta.minecraft.net
Fixed
WEB-217
Official API endpoint for user profiles
Invalid
WEB-216
Impossible to get users UUIDs without hitting a rate limit
Invalid
MC-89760
Skin's jacket parts do not show up under specific conditions
Fixed
WEB-124
Textures server returns non-PNG images
Fixed
WEB-119
Inconsistent Content-Type for cape textures
Won't Fix
WEB-118
stats.minecraft.net not reachable
Works As Intended
WEB-117
Can't look up user 'u' and 'Z'
Works As Intended
WEB-49
Non alphanumeric username
Fixed
WEB-27
Minecraft textures aren't compressed
Invalid
WEB-12
api.mojang.com doesn't return UUID for "Steve" account
Won't Fix
WEB-13
api.mojang.com/users/profiles/minecraft/<name> inconsistency with 'at' parameter
Invalid
WEB-14
skins.minecraft.net/MinecraftSkins redirects to cape when no skin exists
Fixed
WEB-7
Getting the UUID/profile for Steve returns HTTP 400
Cannot Reproduce
MC-37661
dataTag parsing/escaping issue
Fixed
MC-37025
/tellraw crashes clients
Duplicate
Comments
This is intentional. Soul sand is strange, and entities sink down slightly when in it.
Thanks for the comment, that makes sense. However, I would then argue there's a bug in other parts of the API because they still return info for users that do not (no longer) exist, for example: https://sessionserver.mojang.com/session/minecraft/profile/ca58c68cf220499b944926cb4f25c2c6
Well then, could you please allow filing issues as feature request? It's currently not possible.
@nighter could you explain why this is closed as "invalid"? @KrisJelbring agreed that people would benefit from this. Or am I missing something and there is an official API endpoint for user profiles?
Ha! Didn't know other people track this stuff so closely, should have used the search bar π
The issue isn't correctly fixed.
I told you π
Otherwise some skins, including Notch's, would result in a fully opaque (not intended) jacket layer (or at least hat layer for < 1.8 skins)
This is how Notch looks like in the game now:
[media]This can't possibly be intended? Please re-open.
Obviously ΓΌ was allowed some time ago, otherwise it wouldn't exist. It doesn't matter whether they're used or not, it matters that they break things.
Correct, it's an old account, but there's nothing wrong with that. The account ez still exists, too. The character limit prevents people from creating new accounts with short names, but shorter names are still fully compatible with Mojang's APIs etc. Usernames with non alphanumeric characters are not.
Done.
Can I set this to public now that the bug is fixed?
Your fix looks good:
if (e.protocol() === "http" || e.protocol() === "https" || e.toString().indexOf("/") === 0) {
// ...Should be safe now!
I had the UUID somewhere, and you can get the username via UUID: https://api.mojang.com/user/profiles/ca58c68cf220499b944926cb4f25c2c6/names
Yep, UUID for Z is ca58c68cf220499b944926cb4f25c2c6.
One more thing:
Since https://beta.minecraft.net/logout/ works via a GET request, a potential attacker could remotely log you out (e.g. by embedding an <img> with that URL), before sending you the malicious link, thus forcing the login page to show up.
This is in itself not a bug, but in this case it increases the attack vector. Other than that it's just plain annoying (see http://superlogout.com/) and you might want to change it to POST-only.
Can you attach your skin file and one or more screenshots of your character in game?
Yep, that's definitely a duplicate of that bug.
Duplicate of MC-89760.
PS: Bug reports like this aren't very helpful without the skin file attached π
Ah right, this is in some ways an extension as it should probably copy all NBT. Is this a duplicate?