wrparker / alluvian-engine

A MUD-engine in python based on mud-pi. Inspired heavily by tbamud/circlemud and evennia. Forked from mud-pi by Mark Frimston.
MIT License

Sanitize MXP tags #29

Open wrparker opened 4 years ago

wrparker commented 4 years ago

#27 introduced automated negotiation for TTYPE and MXP. Now we need to deal with MXP output.

MXP tags are initiated by the following characters: <, >, and &.

For clients using MXP they must be replaced: < = &lt;, > = &gt;, " = &quot;, & = &amp;

Input should be sanitized when MXP is enabled such that MXP is only sendable by the mud server and not via players in communication.

MXP should be allowed for:

There may be ways to abstract out player name such that anytime a player name is called, if MXP is enabled we create a linkable "whois" command.

For example: say <send>hi</send> right now in mudlet allows linking of a "hi" command. This doesn't work in MUSHclient, but either way tags should be properly sanitized.

More information is available on this guide: https://www.gammon.com.au/mushclient/addingservermxp.htm
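
One way to implement the sanitization described above, as an added example that is not part of the original issue or the alluvian-engine code base. The function names (`mxp_escape`, `whois_link`, `render_say`) and the `mxp_enabled` flag are hypothetical, and dropping ESC bytes from player text is an extra assumption beyond the replacement table in the issue.

```python
# Added example, not alluvian-engine code. All names here are hypothetical.

# Replacement table from the issue. '&' is replaced first so that the
# ampersands produced by the later replacements are not escaped twice.
_MXP_ESCAPES = (("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"), ('"', "&quot;"))


def mxp_escape(text: str) -> str:
    """Neutralise MXP metacharacters in untrusted (player-supplied) text."""
    for raw, entity in _MXP_ESCAPES:
        text = text.replace(raw, entity)
    return text


def whois_link(name: str, mxp_enabled: bool) -> str:
    """Server-generated tag: the only place MXP markup is emitted."""
    if not mxp_enabled:
        return name
    safe = mxp_escape(name)  # names are data too, so escape them as well
    return f'<send href="whois {safe}">{safe}</send>'


def render_say(speaker: str, message: str, mxp_enabled: bool) -> str:
    """Build the line sent to one client for a player's 'say' command."""
    # Assumption: MXP line-mode switches start with ESC, so player text
    # never carries that byte to any client.
    message = message.replace("\x1b", "")
    if mxp_enabled:
        # Escape only for MXP clients; plain clients would otherwise see
        # literal "&lt;" text.
        message = mxp_escape(message)
    return f"{whois_link(speaker, mxp_enabled)} says, '{message}'"


if __name__ == "__main__":
    # Constructed sample input matching the example in the issue.
    print(render_say("Bob", "<send>hi</send>", mxp_enabled=True))
    print(render_say("Bob", "<send>hi</send>", mxp_enabled=False))
```

Escaping is decided per recipient, so a room broadcast calls `render_say` once for each client's MXP setting.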

wrparker commented 4 years ago

It's also likely we need to implement some kind of secure mode for MXP. http://www.gammon.com.au/forum/bbshowpost.php?bbsubject_id=222