agar.io-clone

Why no spaces or special chars in name?

Open Kaydax opened this issue 8 years ago • 5 comments

So I have found a way to bypass it and allow players to use special chars in their names, but why is this added into the code in the first place? It would be nice to have the app itself allow players to use special chars in their names.

Kaydax, Apr 14 '16 22:04

So I join the game with a name such as <script>for (var i = 0; i < 100000; i++) { alert('yo!'); }</script> and the whole world got crashed :D

huytd, Apr 14 '16 23:04

#XSS

abalabahaha, Apr 15 '16 01:04

The best approach to prevent XSS would be to escape the HTML entities from the name, instead of limiting the name itself. I believe the limitation is there to prevent people from using weird names with symbols and such, though I don't remember exactly.

igorantun, Apr 15 '16 02:04

Me too

huytd, Apr 15 '16 03:04

Well, for now, since my thing is only private to me and my friends, I will spare my time and work on making some scripts that stop XSS from being a problem.

Kaydax, May 01 '16 17:05
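
The approach igorantun suggests in the thread (escape HTML entities when the name is rendered, rather than restricting which characters a name may contain), as an added example that is not part of the thread or of agar.io-clone's code. The function names, the `<li>` markup and the 25-character cap are assumptions made for illustration.

```javascript
// Added example: not code from agar.io-clone. All names and the length cap are assumptions.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the characters that can open a tag, start an entity or close a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

const MAX_NAME_LENGTH = 25; // assumed cap, not taken from the project

// Input-side cleanup that keeps spaces and symbols: drop control characters,
// trim, then cap the length by code point so surrogate pairs are not split.
function normalizeName(raw) {
  const cleaned = String(raw).replace(/[\u0000-\u001f\u007f]/g, '').trim();
  return Array.from(cleaned).slice(0, MAX_NAME_LENGTH).join('') || 'unnamed';
}

// The pattern that lets a name run as markup: raw concatenation into HTML.
function playerRowUnsafe(name) {
  return '<li class="player">' + name + '</li>';
}

// Normalize first, escape last: truncating after escaping could cut an entity
// such as "&lt;" in half and leave a stray "&l" in the page.
function playerRowSafe(name) {
  return '<li class="player">' + escapeHtml(normalizeName(name)) + '</li>';
}

// Constructed sample names; the last one is the name quoted in the thread.
const SAMPLE_NAMES = [
  'Tom & Jerry <3',
  'Anna "the blob" K.',
  "<script>for (var i = 0; i < 100000; i++) { alert('yo!'); }</script>",
];

for (const name of SAMPLE_NAMES) {
  console.log(playerRowSafe(name));
}
```

In browser code, assigning the name through `textContent` instead of building HTML strings gives the same result without manual escaping.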