Discussion and help relating to the PlayerIO database solution, BigDB.

Clients taking advantage of serverside Player.io code?

Postby UnknownGuardian » November 21st, 2010, 6:08 am

I just got a BigDB object with the text:

Code:
<marquee behavior="scroll" direction="left">Agent_Fire(:D)</marquee>


That makes it so when I am looking through db objects, it scrolls the text. This must be fixed. I don't know if this means that users could inject malicious code into my browser, but it's kind of odd that it's parsing the text.
UnknownGuardian
 
Posts: 94
Joined: May 25th, 2010, 5:11 am

Re: Clients taking advantage of serverside Player.io code?

Postby Henrik » November 22nd, 2010, 12:58 pm

Thanks for alerting us to this issue, it will be fixed in the next release.
Henrik
.IO
 
Posts: 1880
Joined: January 4th, 2010, 1:53 pm

Re: Clients taking advantage of serverside Player.io code?

Postby UnknownGuardian » March 17th, 2011, 4:59 am

This was never fixed? I was just browsing through my DB when I came across HTML text that had parsed, forming a large text and link. The user had saved this code in the database:
Code:
<head> <body>  <h1>This is a code</h1> <p><a>href="www.kongregate.com"This is a link</a></p>  </body> </head>
UnknownGuardian
 
Posts: 94
Joined: May 25th, 2010, 5:11 am

Re: Clients taking advantage of serverside Player.io code?

Postby Henrik » March 18th, 2011, 11:58 am

Haha, just found an embarrassing bug where it wouldn't encode longer strings in some cases. Fixed, and will be released as soon as we can. Thanks for spotting it.
Henrik
.IO
 
Posts: 1880
Joined: January 4th, 2010, 1:53 pm
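
Added example, not part of the thread and not PlayerIO's code: the bug described in the last post, where longer strings were not encoded before display, is avoided when a viewer HTML-encodes every stored key and value at output time regardless of length. The function names and sample objects are assumptions constructed for illustration; the two short strings are the ones quoted in the thread.

```javascript
// Added illustration; names and sample objects are assumptions,
// not PlayerIO's implementation.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can change HTML context, at any string length.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a stored object as nested <dl> markup. Keys and values both come
// from clients, so both are encoded when the page is built.
function renderObject(obj) {
  const rows = Object.entries(obj).map(([key, value]) => {
    const cell = value !== null && typeof value === 'object'
      ? renderObject(value)
      : escapeHtml(value);
    return `<dt>${escapeHtml(key)}</dt><dd>${cell}</dd>`;
  });
  return `<dl>${rows.join('')}</dl>`;
}

// Regression check: the output may contain only the tags the renderer emits.
function containsOnlyRendererTags(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.every((t) => /^<\/?(dl|dt|dd)>$/.test(t));
}

// Constructed sample objects: the two strings quoted in the thread, a long
// value with markup at the end, and markup in a key.
const samples = [
  { name: '<marquee behavior="scroll" direction="left">Agent_Fire(:D)</marquee>' },
  { profile: { bio: '<head> <body>  <h1>This is a code</h1> <p><a>href="www.kongregate.com"This is a link</a></p>  </body> </head>' } },
  { note: 'x'.repeat(100000) + '<h1>late tag</h1>' },
  { '<b>key</b>': 42 },
];

for (const s of samples) {
  console.log(containsOnlyRendererTags(renderObject(s)) ? 'encoded' : 'UNENCODED');
}
```

Running the same check over long and nested values in a test suite catches a length-dependent encoding path before release.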

