
OngoingWorlds website goes into alpha

I’ve been working very hard lately on the OngoingWorlds website, and have realised I need quite a lot of help testing the damned thing! I’m so close to it now that I can’t see clearly (a bit like snow-blindness).


Screenshot of the Ongoing Worlds homepage (taken 11th Feb 2010)

I’ve shown it to some of the guys at work, and had some great feedback. Most important was a very serious security flaw which I’d not noticed. Tim created a test game (based on Babylon 5) and a character called Londo Mollari, but started inserting HTML into some of the character fields – like the <marquee> tag. Anyone who knows about the <marquee> tag knows that it’s in such bad taste that it should never appear on a website, ever. It makes the words move across the page and reminds me of websites from the 1990s which were full of distracting nonsense like that.

However, Tim was able to insert the code which creates a <marquee> tag into a character field, and then when you save and view the character, it displays his name scrolling across the page. This is embarrassing for now, but could lead to some dangerous problems later if users realise they can insert HTML into my site without it being stripped out. I’ve had a site get hacked before by a Turkish hacker group just by inserting HTML and replacing my homepage with a large image of their own.

I have no idea why people do this. But if they can, they will.

So I’ve updated the code and this won’t happen again. But please if you want to prove me wrong, go right ahead and see what kind of mess you can make. I’d rather find out now!
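The flaw described above comes down to character fields being written into the page without output escaping. The following is an added example, not code from the OngoingWorlds site: the profile template, the function names and the allowed-tag set are assumptions made for illustration. It shows the unescaped rendering beside an escaped one, plus a regression check that parses the rendered page and reports any element or attribute the template itself never emits.

```python
import html
from html.parser import HTMLParser

# Tags and attributes the (hypothetical) profile template is allowed to emit.
TEMPLATE_TAGS = {"div", "h2", "p", "img"}
TEMPLATE_ATTRS = {"class", "src", "alt"}

def render_character_unsafe(name, bio):
    # Field values are pasted into the page as-is, so markup in them is live.
    return f'<div class="character"><h2>{name}</h2><p>{bio}</p></div>'

def render_character_safe(name, bio, avatar_alt=""):
    # Escape at output time; quote=True also protects attribute values.
    n = html.escape(name, quote=True)
    b = html.escape(bio, quote=True)
    a = html.escape(avatar_alt, quote=True)
    return (f'<div class="character"><img src="/avatar.png" alt="{a}">'
            f'<h2>{n}</h2><p>{b}</p></div>')

class TagCollector(HTMLParser):
    """Records every element and attribute name an HTML parser sees."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend(key for key, _ in attrs)

def injected_markup(page):
    """Return (tags, attributes) in the page that the template never emits."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    bad_tags = [t for t in collector.tags if t not in TEMPLATE_TAGS]
    bad_attrs = [a for a in collector.attrs if a not in TEMPLATE_ATTRS]
    return bad_tags, bad_attrs

# Constructed sample input modelled on the test character from the post.
NAME = "<marquee>Londo Mollari</marquee>"
ALT = 'portrait" title="x'  # constructed value containing a double quote

if __name__ == "__main__":
    print(injected_markup(render_character_unsafe(NAME, "Ambassador")))
    print(injected_markup(render_character_safe(NAME, "Ambassador", ALT)))
```

Escaping when the value is written into the page keeps the stored text intact, whereas stripping tags on input changes what the user typed and has to be repeated for every field and every context.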

Button on homepage

So I’ve added a button linking to the “alpha” site on the Ongoing Worlds Homepage, explaining it’s still in development but for people to go have a look if they’d like.


Try out OngoingWorlds alpha site - In development

Categories: Website Development