Roll20 uses cookies to improve your experience on our site. Cookies enable you to enjoy certain features, social sharing functionality, and tailor message and display ads to your interests on our site and others. They also help us understand how our site is being used. By continuing to use our site, you consent to our use of cookies. Update your cookie preferences .
×
×

Cookie Preferences

We use Cookies to help personalize and improve Roll20. For more information on our use of non-essential Cookies, visit our Privacy Policy here.
Create a free account

Bug/possible exploit vector?

  1. Community Forums
  2. Bug Reports & Technical Issues
  3. Bug/possible exploit vector?
1343323510
Alisha Loneheart
Permalink for 1736 Quote
If i type "/w player_name /roll 1d20" I get a message "SyntaxError: Invalid regular expression: missing /" which looks suspiciously like direct output from an interpreter on the backend. I have no interest in breaking the game, but it looks like something someone could escape out of and possibly do BadThings.
1343324677
Riley D.
Roll20 Team
Permalink for 15102 Quote
Alisha -- Thanks, we'll look into it! I can tell you that it's only output from the Javascript interpreter on your local computer, so they only thing you could potentially do is screw up your own local computer, but all the same we'll get it patched up.
1343325277
Alisha Loneheart
Permalink for 15104 Quote
Well i'm glad to hear the whole game isn't going to crash. :) oh dear... is rolling handled in the local jvm as well? I could imagine some player cross site scripting their rolls....
You must Login to your Roll20 Account to post a reply.