
[Sugarcube 2] Preventing Code Injection via a Text Input

Hey there,

I'm working on a game in the Sugarcube 2 format at the moment, and I've run into something that might be an issue. At one point, I allow the player to name a few different things, but I've come to realize that if the player names these items something such as "<<set $Gold to 999999>>" then that code will be run every time I would have otherwise just called what was supposed to be a name.

I figured I might be able to stop this with <<print>> but I haven't had any luck with that, and admittedly I don't really know much about JavaScript to be able to manipulate the strings to limit them to alphanumeric symbols, or at least stop this code from being run. Anyone have any ideas on how I could prevent this? Thank you!

Comments

  • You could check the result, forcing the player to enter a new name if the submitted one contains non-alphanumeric characters—or whatever set you feel the need to restrict. Alternatively, you could simply sanitize the result.

    Of the two, the former is likely the better approach here.

    How do you have your inputs set up?
  • The input is simply <<textbox "$PendingItem" "">> which is then saved with a button press. I'd much prefer implementing the first option of the two you suggested. I'm guessing I can do something involving .contains and either(">", "<", ".", ",")? Again, anything beyond the more basic functions is a bit beyond my understanding, so let me know if I'm on the wrong track. Thank you for the help!
  • The input is simply <<textbox "$PendingItem" "">> which is then saved with a button press.
    Save with a button press how? What does it look like?

    I assume it's something simple, however, I'd rather not give an example and have you come back saying it doesn't work with what you already have.

    I'm guessing I can do something involving .contains and either(">", "<", ".", ",")?
    The either() function has no place here. While you could use a combination of <Array>.some() and <String>.includes(), the best thing would probably be to use a regular expression.
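One way to implement the regular-expression check the last comment recommends, as an added example that is not code from the thread: validate the submitted name before it is stored, with a sanitizing fallback. The allowed character set, the 20-character limit, the `setup` wiring and the passage snippet in the comment are assumptions.

```javascript
// Story JavaScript helpers (added example, not from the thread) that stop a
// player-entered name such as "<<set $Gold to 999999>>" from ever being stored,
// so it can never be wikified as macro code when the name is shown later.

const NAME_MAX = 20;                                  // assumed length limit
// First character must be a letter or digit; the rest may also be space, ' or -.
const NAME_PATTERN = /^[A-Za-z0-9][A-Za-z0-9 '-]*$/;

// Option 1 from the thread: reject the name and make the player try again.
function isValidName(name) {
  if (typeof name !== 'string') return false;
  const trimmed = name.trim();
  return trimmed.length > 0 && trimmed.length <= NAME_MAX && NAME_PATTERN.test(trimmed);
}

// Option 2 from the thread: strip everything outside the allowed set.
// Returns the fallback when nothing usable is left after cleaning.
function sanitizeName(name, fallback = 'Unnamed') {
  if (typeof name !== 'string') return fallback;
  const cleaned = name
    .replace(/[^A-Za-z0-9 '-]/g, '')   // drop <, >, $, quotes, etc.
    .replace(/\s+/g, ' ')              // collapse runs of whitespace
    .trim()
    .slice(0, NAME_MAX);
  return isValidName(cleaned) ? cleaned : fallback;
}

// Expose the helpers to passages via SugarCube's setup object (assumed wiring);
// the guard lets the file also run outside SugarCube, e.g. under Node.
if (typeof setup !== 'undefined') {
  setup.isValidName = isValidName;
  setup.sanitizeName = sanitizeName;
}

/* Assumed passage wiring that uses the check before saving the name:
<<textbox "$PendingItem" "">>
<<button "Confirm">>
  <<if setup.isValidName($PendingItem)>>
    <<set $ItemName to $PendingItem.trim()>><<goto "Next">>
  <<else>>
    <<replace "#err">>Use letters, numbers and spaces only.<</replace>>
  <</if>>
<</button>>
*/
```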