Anyone can spam easily by using the exposed io() function #2211
Comments
Found solution: pass
That doesn't solve the problem as you only hide
Yeah but the demo chatroom can just use this method to flood.
welcome to the internet @ClassicOldSong
That issue was closed automatically. Please check if your issue is fixed with the latest release, and reopen if needed (with a fiddle reproducing the issue if possible).
Once linked to the socket anyone can use a simple script to start spamming just by running this in your browser's console:
for (i=1; i<1000; i++) { io().emit("new message", i.toString());};
"new message" can be replaced with any event that the server can respond to, such as I can easily make the onlinecount to a great number:
I hope you can find a solution to solve this problem.
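A server-side mitigation for the flood described in this issue, as an added example that is not part of the original issue or of the Socket.IO code base: a token bucket per client placed in front of each event handler. `createLimiter`, `guardedOn`, the limits, the sample address and the stand-in socket are assumptions for illustration; the bucket is keyed by client address rather than connection id so the budget carries over when a client opens a new connection.

```javascript
class TokenBucket {
  constructor(capacity, refillPerSec, now) {
    this.capacity = capacity;         // burst size
    this.refillPerSec = refillPerSec; // sustained events per second
    this.now = now;
    this.tokens = capacity;
    this.last = now();
  }
  take() {
    const t = this.now();
    const refill = ((t - this.last) / 1000) * this.refillPerSec;
    this.tokens = Math.min(this.capacity, this.tokens + refill);
    this.last = t;
    if (this.tokens < 1) return false; // budget spent: drop the event
    this.tokens -= 1;
    return true;
  }
}

// One bucket per client key. A long-running server would also evict idle keys.
function createLimiter({ capacity, refillPerSec, now = Date.now }) {
  const buckets = new Map();
  return (key) => {
    if (!buckets.has(key)) buckets.set(key, new TokenBucket(capacity, refillPerSec, now));
    return buckets.get(key).take();
  };
}

// Register a handler that only runs while the client is within budget.
function guardedOn(socket, key, allow, event, handler, onDrop = () => {}) {
  socket.on(event, (...args) => (allow(key) ? handler(...args) : onDrop(event)));
}

// Constructed demo: a stand-in socket receives the 999 events from the issue's loop.
function demo() {
  let clock = 0; // fake clock in ms so the result is deterministic
  const handlers = {};
  const socket = {
    on: (ev, fn) => { handlers[ev] = fn; },
    emit: (ev, ...args) => handlers[ev] && handlers[ev](...args),
  };
  const allow = createLimiter({ capacity: 5, refillPerSec: 1, now: () => clock });
  const delivered = [];
  let dropped = 0;
  guardedOn(socket, "203.0.113.7", allow, "new message", (m) => delivered.push(m), () => { dropped += 1; });
  for (let i = 1; i < 1000; i++) socket.emit("new message", i.toString());
  clock += 2000; // two quiet seconds refill two tokens
  socket.emit("new message", "after pause");
  return { delivered, dropped };
}
```

The check has to run on the server, since anything enforced in client code can be bypassed from the console in the same way as the loop above.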