Bug Fixes
What was the issue(s)?
As described here, there was a critical security bug in the steemnova browser game.
It was caused by the custom bbcode parser that was implemented in steemnova.
Proof of Concept:
[url=javascript:alert(String.fromCharCode(88,83,83))]http://google.com/[/url]
Inserting this piece of code into the alliance description (something basically anybody can do by creating his/her own alliance) would result in the string "XSS" being displayed to the user. Of course, a lot more evil actions could also be executed in the user's name.
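As an added illustration (not steemnova's own parser, which is not shown in this post), here is a minimal [url] tag renderer in Python: the first function reproduces the bug class by copying the tag argument straight into href, the second only accepts http/https targets and HTML-escapes both the href and the link text. The function names and the "dropped link keeps its visible text" behaviour are my own choices.

```python
import html
import re
from typing import Optional
from urllib.parse import urlparse

# Matches [url=TARGET]TEXT[/url]; TARGET may not contain ']'
URL_TAG = re.compile(r"\[url=([^\]]+)\](.*?)\[/url\]", re.IGNORECASE | re.DOTALL)
SAFE_SCHEMES = {"http", "https"}

# The proof of concept from the post above
POC = "[url=javascript:alert(String.fromCharCode(88,83,83))]http://google.com/[/url]"


def render_url_tag_vulnerable(bbcode: str) -> str:
    """Naive renderer: the tag argument lands in href unchecked, so any scheme works."""
    return URL_TAG.sub(lambda m: f'<a href="{m.group(1)}">{m.group(2)}</a>', bbcode)


def safe_href(raw: str) -> Optional[str]:
    """Return an escaped href if the target is a plain http(s) URL, else None."""
    # Browsers ignore tabs/newlines inside a scheme ("java\tscript:"), so reject
    # any whitespace or control character instead of trying to clean it up.
    if any(ch.isspace() or not ch.isprintable() for ch in raw):
        return None
    parsed = urlparse(raw)
    if parsed.scheme not in SAFE_SCHEMES or not parsed.netloc:
        return None  # covers javascript:, data:, vbscript:, scheme-relative //host, ...
    return html.escape(raw, quote=True)


def render_url_tag_safe(bbcode: str) -> str:
    """Hardened renderer: scheme allowlist plus attribute and text escaping."""
    def repl(m: "re.Match[str]") -> str:
        href = safe_href(m.group(1))
        text = html.escape(m.group(2), quote=True)
        if href is None:
            return text  # drop the link entirely but keep the visible text
        return f'<a href="{href}" rel="noopener noreferrer">{text}</a>'
    return URL_TAG.sub(repl, bbcode)


if __name__ == "__main__":
    print("vulnerable:", render_url_tag_vulnerable(POC))
    print("hardened:  ", render_url_tag_safe(POC))
```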
What was the solution?
I replaced the old custom logic:
With a premade and well-established library:
As well as some boilerplate code to make it all work.
Unfortunately, this change caused another bug: all line breaks would disappear from the alliance pages.
But this was soon spotted and also fixed by me here.
Links
Acknowledgements
I (once again) want to thank:
for finding this bug and helping me with testing the bugfix.
who cooperated with us so this bugfix could be quickly released to the public before it could be abused!
Posted on Utopian.io - Rewarding Open Source Contributors