Mondego / rcat

A web server for massively multi-user online applications

Fix JavaScript Injection in player name #81

Open arthur00 opened 11 years ago

arthur00 commented 11 years ago

Player name allows injection of HTML and script coding. Solution: restrict characters that can be used or guarantee string output of the name.
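
The two mitigations named in the issue, sketched as an added example that is not part of the issue or of rcat's code. The allowlist policy (1 to 16 ASCII letters, digits, `_` or `-`), the function names and the `<li>` markup are assumptions made for illustration.

```javascript
// Added example: names, limits and markup are assumptions, not rcat code.

// Mitigation 1: restrict the characters a player name may contain.
// Assumed policy: 1-16 ASCII letters, digits, '_' or '-'.
const NAME_PATTERN = /^[A-Za-z0-9_-]{1,16}$/;

function isValidPlayerName(name) {
  return typeof name === "string" && NAME_PATTERN.test(name);
}

// Gate applied when a player joins, before the name is stored or broadcast.
function acceptJoin(name) {
  if (!isValidPlayerName(name)) {
    return { ok: false, reason: "invalid player name" };
  }
  return { ok: true, name: name };
}

// Mitigation 2: guarantee the name is output as a string, never as markup.
// Escapes the characters that are significant in HTML text and in quoted
// attribute values. In a browser, assigning the name to element.textContent
// gives the same guarantee for text nodes without building HTML strings.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical renderer for one entry in a player list.
function renderPlayerRow(name) {
  return '<li class="player">' + escapeHtml(name) + "</li>";
}

// Constructed sample names: one ordinary, two carrying markup, one empty.
const SAMPLE_NAMES = ["arthur_00", "<b>bold</b>", '"><i>x</i>', ""];

for (const name of SAMPLE_NAMES) {
  console.log(JSON.stringify(name), acceptJoin(name).ok, renderPlayerRow(name));
}
```

Applying both is reasonable: the allowlist rejects markup at join time, and escaping at output keeps any name already stored, or accepted under a looser policy later, from being interpreted as HTML.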