Thread: Programming Pokemon Online replay player
View Single Post
Old Oct 16th, 2011, 2:16:42 PM   #286
Zarel*
>> BEGIN POSTBIT
is a member of the Smogon Site Staffis a Battle Server Administratoris a Super Moderatoris a Programmer
 
Zarel's Avatar
 
Super Moderator
Join Date: Aug 2011
Posts: 1,130
>> END POSTBIT
Default
Quote:
Originally Posted by Fat Pocket View Post
aesoft, I think the Haxorus sprite is broken (turn 8)
http://pokemon.aesoft.org/replay-Esp...12--2011-10-11
Quote:
Originally Posted by Fat whitefag View Post
It seems atributes aren't filtered, so it's possible to insert js code to Original Replay (I have no idea how to abuse it though...).
http://pokemon.aesoft.org/uploads/Fe...-at-22h20.html
Original replay files aren't filtered at all.

This could be used to extract cookies, though, which would be bad if I ever moved it onto the Showdown domain. I guess the solution would be to either prevent replay files from being viewable, or start filtering them.

I'll do one of those when I ever move domains. :/

Quote:
Originally Posted by Fat whitefag View Post
And what if I upload replay with filename equal to already existing upload? Can't I replace some featured replay with mine?
Yeah, I wanted to have a feature that let you edit replays, but there wasn't any good way to confirm you were the person who uploaded the original replay.

Oh, well, it's disabled now.
__________________
Pokemon Showdown | Replay player | No, I am not impressed that you know that my name is Guangcong Luo. The PS website says "Copyright Guangcong Luo" at the bottom, ffs.
Zarel is offline