Basic Cross Site Scripting

I was playing around with some cross site scripting demos to help educate our company about the importance of application security and thought that I would share one of my demos here. For those of you that are new to this, Cross Site Scripting, or simply XSS, is a web vulnerability that lets an attacker inject their own script into a page your application serves, so that it runs in other users' browsers with the same privileges as your own code. Many applications are exposed to it and their developers don't even know it. Let's illustrate.

Here is some basic HTML:

<!DOCTYPE html>
<html lang="en">
<head>
        <meta charset="utf-8" />
        <title>XSS Testing</title>
</head>
<body>
        <p>Enter your name: <input type="text" id="inputName">&nbsp;<input type="button" value="Submit" id="btnSubmit"></p>

        <div id="Content"></div>

        <!-- scripts load after the elements they bind to, so the click handler finds the button -->
        <script src="/jquery-1.8.1.js" type="text/javascript"></script>
        <script src="/Script.js" type="text/javascript"></script>
</body>
</html>


If you know HTML, there is nothing crazy here. This just creates a simple page with the text "Enter your name", a text input, a submit button, and an empty div with the id Content that the script writes into. In Script.js, linked above, I have this jQuery click handler:

    $("#btnSubmit").click(function () {
        var htmlToRender = "Welcome to our site " + $("#inputName").val();
        $("#Content").html(htmlToRender); // inserted as HTML, so any tags in the name are parsed, not displayed
    });

Again, pretty simple. This is a click event handler on the submit button. All it does is take the user input, concatenate it into a string, and write that string into the page as HTML. This is what a lot of the internet does. Perform a search? It runs the search and then echoes what you typed in the search box back to the screen. Same principle here.

What this is expecting is for a user to enter their name. Well, what if they enter something mischievous such as `<script>alert("ha, I hacked your site")</script> Josh`? Using this code you can try it. You will get an alert box that reads "ha, I hacked your site". But if you look at the screen after you click OK, it will say "Welcome to our site Josh." The script element was parsed by the browser and executed instead of being shown; the only part of the input that survives as visible text is the name. This is actually one of the first tests you make on a site to see if it is susceptible to XSS. One caveat on the demo itself: the alert fires here because jQuery's .html() evaluates inline script elements in the markup it inserts. Assigning the same string to innerHTML directly would not run a script tag, but it would still run an event handler attribute such as onerror on an img element, so the page would be just as vulnerable; only the probe string would differ.
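To compare the vulnerable and the fixed behaviour without a browser, here is an added example (my own code, not the post's Script.js) of the same greeting written as two pure functions: one that concatenates raw input exactly as the click handler does, and one that escapes it first. The function names, the probe strings and the containsMarkup check are my own constructions; the escaping itself is the standard five-character HTML escape.

```javascript
// Added example, not the original post's Script.js. Pure functions so the
// comparison runs under Node without a DOM; names and probes are my own.

// Every character that can change the meaning of HTML text or a quoted attribute.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape a value for insertion into an HTML text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// What the post's handler effectively does: raw input concatenated into markup.
// Whatever the user typed is handed to the HTML parser.
function renderWelcomeUnsafe(name) {
  return "Welcome to our site " + name;
}

// Hardened form: the input is escaped, so the browser displays the characters
// instead of interpreting them.
function renderWelcomeSafe(name) {
  return "Welcome to our site " + escapeHtml(name);
}

// Crude check used by the probes below: does an unescaped tag start survive in the output?
function containsMarkup(html) {
  return /<[a-z!\/]/i.test(html);
}

// Constructed probe inputs: the post's payload, two variants that do not depend on a
// <script> element being evaluated, and one legitimate name with special characters.
const PROBES = [
  '<script>alert("ha, I hacked your site")</script> Josh',
  "<img src=x onerror=alert(1)>",
  '"><svg onload=alert(1)>',
  "Josh O'Brien & co",
];

// Run every probe through both renderers and record whether markup survived.
function runProbes() {
  return PROBES.map((p) => ({
    input: p,
    unsafeHasMarkup: containsMarkup(renderWelcomeUnsafe(p)),
    safeHasMarkup: containsMarkup(renderWelcomeSafe(p)),
    safeOutput: renderWelcomeSafe(p),
  }));
}

for (const r of runProbes()) {
  console.log(JSON.stringify(r));
}
```

In the jQuery handler the equivalent change is to call $("#Content").text(htmlToRender) instead of .html(htmlToRender), which makes the browser treat the string as a text node. The last probe is there on purpose: it is a legitimate name containing an apostrophe and an ampersand, and escaping renders it correctly, whereas stripping or rejecting "dangerous" characters would have mangled a real user's input.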


Farm Game – NPC Dialogue, trees, and much more added

I’ve been working pretty hard on the farm game for the past few days but not a tremendous amount to show for it! The biggest thing that I have added is the NPC dialogue. I am using a CSV file internal to the project to create what is basically a conversation database. Currently, it will use the animation name of the sprite to look up the conversation and then look up the correct conversation. Currently, any NPC will support three conversations though this could be expanded easily. Some other minor things have been added such as trees and bridges! Next step is to implement a basic vendor NPC where the player can buy/sell items.



Farm Game – Basic Item Database and Dialogue Boxes

I’ve been pretty hard at work on the farm game this week and have a couple of extra features implemented. On top of some basic fixes, I have implemented a dialogue system. It’s not complete yet, but you can see the basics of it at work in the screen shot. This also shows off the fancy item database. Essentially, each item is assigned an id which corresponds to an animation. That id also corresponds to a separate array that holds the basic information about an item. Currently, this is just the id, name, sell price, and purchase price.


Unnamed Farm Game Demo 1

I’ve been hard at work this week trying to get more work done on my yet to be named farm game. The biggest thing that I have in place now is the inventory system. Right now, I only have 6 slots enabled, but that can easily be increased. When you collide with an item, it will find the next available inventory spot and add the item. If you already have the item, it simply adds another. There is also the option to drop an item. Dropping the item will cause it to actually be removed from the inventory and appear on the screen. Let me know what you all think so far!

New Farm Game

So, I’ve actually been doing some game programming again here lately and have started up a new Harvest Moon type clone. I’m pretty sure that I posted some articles from when I was doing this in XNA a while back. So far, I’ve got the player animated and moving, a basic scrolling tile engine, a basic HUD, and a stamina system. So far, there’s not anything to do. I’ll try to get more screenshots posted as I progress. I’m hoping to make some real progress in this one!