I’ve been working very hard lately on the OngoingWorlds website, and have realised I need quite a lot of help testing the damned thing! I’m so close to it now that I can’t see clearly (a bit like snow-blindness).
I’ve shown it to some of the guys at work, and had some great feedback. Most important was a very serious security flaw which I’d not noticed. Tim created a test game (based on Babylon 5) and a character called Londo Mollari, but started inserting HTML into some of the character fields – like the <marquee> tag. Anyone who knows about the <marquee> tag knows that it’s in such bad taste that it should never appear on a website, ever. It makes the words move across the page and reminds me of websites from the 1990s which were full of distracting nonsense like that.
However, Tim was able to insert the code which creates a <marquee> tag into a character field, and then when you save and view the character, it displays his name scrolling across the page. This is embarrassing for now, but could lead to some dangerous problems later if users realise they can insert HTML into my site without it being stripped out. I’ve had a site get hacked before by a Turkish hacker group just by inserting HTML and replacing my homepage with a large image of their own.
I have no idea why people do this. But if they can, they will.
So I’ve updated the code and this won’t happen again. But please, if you want to prove me wrong, go right ahead and see what kind of mess you can make. I’d rather find out now!
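The flaw Tim found and the usual fix (encoding values on output), as an added example that is not the OngoingWorlds code; the field names, template and function names are assumptions. The parser check confirms the escaped page contains only the template's own elements and that the submitted text survives intact.

```python
import html
from html.parser import HTMLParser

# Constructed sample record; the field names are hypothetical.
CHARACTER = {
    "name": "<marquee>Londo Mollari</marquee>",
    "species": 'Centauri "Republic"',
    "bio": "Centauri ambassador & diplomat",
}

# Hypothetical character-page template with element and attribute contexts.
TEMPLATE = (
    '<div class="character" title="{species}">'
    "<h1>{name}</h1><p>{bio}</p></div>"
)


def render_unsafe(character):
    """The flaw: stored values are pasted into the page as markup."""
    return TEMPLATE.format(**character)


def render_escaped(character):
    """The fix: encode each value on output; quote=True covers attributes."""
    safe = {k: html.escape(v, quote=True) for k, v in character.items()}
    return TEMPLATE.format(**safe)


class _Inspector(HTMLParser):
    """Records the elements and title attributes an HTML parser sees."""

    def __init__(self):
        super().__init__()
        self.tags, self.titles = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.titles += [v for k, v in attrs if k == "title"]


def parsed_view(markup):
    """Return (element names, title attribute values) found in markup."""
    parser = _Inspector()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.titles


if __name__ == "__main__":
    print(parsed_view(render_unsafe(CHARACTER))[0])
    print(parsed_view(render_escaped(CHARACTER)))
```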
Button on homepage
So I’ve added a button linking to the “alpha” site on the Ongoing Worlds Homepage, explaining it’s still in development but for people to go have a look if they’d like.