Roll20 uses cookies to improve your experience on our site. Cookies enable you to enjoy certain features, social sharing functionality, and tailor message and display ads to your interests on our site and others. They also help us understand how our site is being used. By continuing to use our site, you consent to our use of cookies. Update your cookie preferences .
×
×

Cookie Preferences

We use Cookies to help personalize and improve Roll20. For more information on our use of non-essential Cookies, visit our Privacy Policy here.
Create a free account
This post has been closed. You can still view previous posts, but you can't post any new replies.

roll security

  1. Community Forums
  2. Bug Reports & Technical Issues
  3. roll security
1336003460
Dj G.
KS Backer
Permalink for 150 Quote
rolls need to not appear to come from the player they should be contained in system message otherwise the player can just copy the html from a roll and manually tweek it to whatever and use that as his next roll. css should be something like #textchat .content > .rollresult { margin: 5px; border: 2px solid #FDD; border-radius: 8px; } #textchat .formula:before, #textchat .rolled:before { content:"FAKE"; color:red; } #textchat .content > .rollresult > .formula:before, #textchat .content > .rollresult > .rolled:before { content:""; color:transparent; } That will make it a little harder then just C/P the roll HTML to fake a roll
1336044141
Riley D.
Roll20 Team
Permalink for 4922 Quote
This is really more of an overall security hole that wasn't working as intended. It's been fixed now so you can't paste HTML of any kind into the chat box (to prevent things like this as well as XSS or injection attacks, although you'd really only be attacking your fellow players...)