Open PowerfulBacon opened 1 year ago
I am surprised you noticed that now. This is also applied to AI tracking. AI character name tracking especially needs this.
But AI tracking doesn't use hrefs to determine time.
AI tracking is sanitised properly.
The problem with medhuds is that the time is stored inside the href.
Noticed in #9271, there is a minor href exploit with med huds, as the world time is being accepted as user input, which can be anything. This lets you view the stats of anyone at any time if you abuse the exploit.