Sanitize MXP tags #29

Open
wrparker opened this issue Sep 20, 2020 · 1 comment


wrparker commented Sep 20, 2020

#27 introduced automated negotiation for TTYPE and MXP. Now we need to deal with MXP output.

MXP tags are initiated by the following characters:
<, >, and &.

For clients using MXP they must be replaced:
< = &lt;
> = &gt;
" = &quot;
& = &amp;

Input should be sanitized when MXP is enabled such that MXP is only sendable by the mud server and not via players in communication.

MXP should be allowed for:

  • Exits
  • Objects
  • who list

There may be ways to abstract out player name such that anytime a player name is called, if MXP is enabled we create a linkable "whois" command.

For example:
say <send>hi</send> right now in Mudlet allows linking of a "hi" command. This doesn't work in MUSHclient, but either way tags should be properly sanitized.

More information is available on this guide: https://www.gammon.com.au/mushclient/addingservermxp.htm
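One way to implement the replacement table above for player-supplied text, as an added example that is not part of the original issue or the project's code. The function names are hypothetical, and C is an assumption about the server's language. On truncation the escaper stops before an entity rather than emitting part of one, and it re-escapes `&` so already-encoded input cannot pass through as an entity.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Entity for one character of player text, or NULL when the character
 * can be sent unchanged on an MXP-enabled connection. */
static const char *mxp_entity(char c)
{
    switch (c) {
    case '<': return "&lt;";
    case '>': return "&gt;";
    case '"': return "&quot;";
    case '&': return "&amp;";
    default:  return NULL;
    }
}

/* Copy `in` to `out`, replacing the four characters listed in the issue.
 * Writes at most `outsz` bytes including the terminator. Returns the
 * escaped length, or (size_t)-1 if the result did not fit; in that case
 * `out` holds the longest prefix made only of whole characters/entities. */
size_t mxp_escape_player_text(const char *in, char *out, size_t outsz)
{
    size_t o = 0;

    if (outsz == 0)
        return (size_t)-1;
    for (; *in != '\0'; in++) {
        const char *ent = mxp_entity(*in);
        size_t need = ent ? strlen(ent) : 1;

        if (o + need >= outsz) {      /* keep one byte for the NUL */
            out[o] = '\0';
            return (size_t)-1;
        }
        if (ent)
            memcpy(out + o, ent, need);
        else
            out[o] = *in;
        o += need;
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    char buf[128];                    /* constructed sample input below */
    mxp_escape_player_text("<send>hi</send>", buf, sizeof buf);
    printf("%s\n", buf);
    return 0;
}
```

Server-generated MXP for exits, objects and the who list would bypass this function; only text that originates from players goes through it.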


wrparker commented Sep 20, 2020

It's also likely we need to implement some kind of secure mode for MXP. http://www.gammon.com.au/forum/bbshowpost.php?bbsubject_id=222
