(Related to #187...) There are cases where we do want users to be able to mark up color and such (writing message board notes and the like) but in many other cases that may be detrimental for various reasons.
We may want a mechanism where color codes and the like can only be used on certain commands? Also, can only be used if the user has "permissions" to do so? On a case by case basis, an admin may also allow say commands and the like to be colorized. (Recommend any default implementation though to be careful not to let them impersonate line wrapped texts to look like "real" game output.)
For this ticket, we need to give some heavier architectural thought about when/how we sanitize user inputs. We need to ensure that user inputs like
say \ACTUAL escape codes here
also definitely get sanitized before the command processor. (At least I think all escape codes the server receives should never get passed through to command processing...) Write tickets for any follow-up work discovered.
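One way to split the work into the two stages this ticket describes, as an added example that is not the project's own code: every received line is stripped of raw escape and control codes before command parsing, and only the command handler turns markup into color, gated per command and per user. The `{red}` token syntax, the `COLOR_COMMANDS` set, the `colorize` permission name and all function names are assumptions made for illustration.

```python
import re

# Assumptions (not from the ticket): markup tokens look like {red};
# COLOR_COMMANDS and the "colorize" permission name are hypothetical.
ESCAPE_SEQ = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"               # CSI sequences (colors, cursor moves)
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)?"   # OSC sequences (window title, etc.)
    r"|\x1b[@-_]?"                           # other two-byte escapes, or a bare ESC
)
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f-\x9f]")
MARKUP_TOKEN = re.compile(r"\{(\w+)\}")
ANSI_COLORS = {"red": "\x1b[31m", "green": "\x1b[32m", "reset": "\x1b[0m"}
COLOR_COMMANDS = {"note"}  # commands where markup may be rendered


def sanitize_input(raw: str) -> str:
    """Run on every received line, before the command processor sees it."""
    text = ESCAPE_SEQ.sub("", raw)
    # Dropping CR/LF and other controls also removes embedded line breaks
    # that could be used to imitate wrapped game output.
    return CONTROL_CHARS.sub("", text).strip()


def render_argument(command: str, arg: str, permissions: set) -> str:
    """Called by the command handler; only this step emits real escape codes."""
    allowed = command in COLOR_COMMANDS and "colorize" in permissions

    def replace(match):
        code = ANSI_COLORS.get(match.group(1).lower())
        if code is None:
            return match.group(0)        # unknown token: keep as literal text
        return code if allowed else ""   # known token: render it or drop it

    out = MARKUP_TOKEN.sub(replace, arg)
    # Close any color that was opened so it cannot bleed into later output.
    return out + ANSI_COLORS["reset"] if allowed and out != arg else out


def handle_line(raw: str, permissions: set) -> tuple:
    """Sanitize first, then parse, then let the handler decide on markup."""
    command, _, arg = sanitize_input(raw).partition(" ")
    return command, render_argument(command.lower(), arg, permissions)
```
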