HTML <img> tag usable in chat - can use to link any in game image

Don't get how people can dupe gold with just adding an img file into chat though.

I have a legit question really, does AGS have a QA team? I don't want to be rude or anything, but if you do, they are doing a terrible job. Looks like all the content and fixes submitted and built bring more bugs and problems than they solve …

@Luxendra
Issue is still persistent, this was just now.

We need to get away from users being able to use code in chat or stop using an HTML-based web chat entirely.

Happening everywhere still. Please, Amazon, fix 1 thing. At this point I'm starting to think the devs have no clue…

It’s not about adding an image to the chat. It’s about being able to execute code through the chat itself. The images are just “harmless” html on the front end. What if they can type SQL that gets parsed by the game just like the html does? They could potentially even delete whole databases. It’s literally the first baby steps a web developer learns when trying to secure their website.

Yeah, this was happening all day again today, along with a ton of gold being handed out to a lot of random users on Bifrost. Guessing they found another way to dupe gold :frowning:

Not fixed! Spam all day :frowning:

The devs should stop just fixing that one particular thing and start fixing the main issue itself. This is getting more and more ridiculous. Even content creators seem to send advice to AGS on how to fix their stuff …

Today saw the biggest nuts on the chat around 7PM CET. So still not fixed in Niflheim.

Because their hiring process is shit. They have you take a test designed for people who are in college or recently graduated, instead of engineers that have been working for over 20 years.

IDK why but they also think 200k in San Francisco is competitive. If you’re fine with living in a hut then I guess it’s okay. But houses out there are EXPENSIVE.

Apparently you have no idea what you are on about.

Modifying a file on your side is not going to change the image for the others…

Also this has been patched multiple times, people are finding new ways…

the patch is a shitty quick fix, still not properly sanitizing user input.

That’s still not validating on the server. The server should never trust what the client sends. If the client says “X player needs the reward for Y quest,” the server shouldn’t unquestioningly send those rewards. It should check things like:

  • “have you already completed that quest recently?”
  • “are you in the correct location to complete this quest?”
  • “did you fulfill all prerequisites to complete this quest?”

Only then should the server trust the client. And there should be more checks than just the three examples I gave.

4 Likes
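
The server-side checks listed in the post above, as an added example that is not part of the original thread and is not the game's code. The quest table, player fields, function names and all values are hypothetical.

```python
from dataclasses import dataclass, field

# All names and values below are hypothetical, constructed for illustration.
@dataclass(frozen=True)
class Quest:
    zone: str                 # where the quest may be turned in
    prerequisites: frozenset  # quest ids that must already be done
    cooldown_s: int           # minimum seconds between completions
    reward_gold: int

@dataclass
class Player:
    zone: str                                       # position tracked by the server
    done: set = field(default_factory=set)          # completed quest ids
    last_claim: dict = field(default_factory=dict)  # quest id -> last claim time
    gold: int = 0

QUESTS = {"town_board": Quest("settlement", frozenset({"intro"}), 86400, 50)}

def claim_reward(player, quest_id, now):
    """Decide a reward claim from server-held state only.

    The request contributes nothing but the quest id; location, history and
    prerequisites are read from the server's own record of the player.
    """
    quest = QUESTS.get(quest_id)
    if quest is None:
        return False, "unknown quest"
    last = player.last_claim.get(quest_id)
    if last is not None and now - last < quest.cooldown_s:
        return False, "already completed recently"
    if player.zone != quest.zone:
        return False, "wrong location"
    if not quest.prerequisites <= player.done:
        return False, "prerequisites not met"
    # Record the claim before paying out so a repeated request is refused.
    player.last_claim[quest_id] = now
    player.done.add(quest_id)
    player.gold += quest.reward_gold
    return True, "ok"

def replay_demo():
    """Send the same claim three times in a row; only the first is paid."""
    p = Player(zone="settlement", done={"intro"})
    results = [claim_reward(p, "town_board", t) for t in (1000, 1001, 1002)]
    return results, p.gold
```
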

Seems to be fixed again now, can’t post eggs in chat.

1 Like

The thing is, you don’t even need college to sanitize html inputs. 13 year olds know this stuff. It’s standard practice everywhere, certain languages literally have a dedicated function to do it for you. These forums do it too (pretty likely this isn’t made by Amazon devs but rather just some sort of a plugin bulletin board).

I’m sure their hiring process is based on political correctness rather than actual skill. People in higher command don’t really care if the job gets done, only if certain bottom lines are met.

PS: 200k is a huge amount of money where I come from. I can fix this issue for them in 2 minutes if they can pay me even a tiny fraction of that.

0% chance you’ve made it past the take home assessment while saying this shit lmao. The little world you’ve created in your imagination to explain the root cause of all your life’s problems must be so sad.

They can’t. A YouTuber got trolled on 4chan and made a video claiming it was a thing without providing any proof of it whatsoever so now people act like it’s a real issue.

Was that supposed to be a response to my comment?

By the way they can since there is a quest that auto completes and gives you 50g. If you link that quest into the chat to an item and hover over it then it keeps on auto completing every time you hover over that item and you get 50g.

It would be interesting to have actual proof of this and not just quote what was said in a YouTube video.

PS: Not displaying how to do it, but showing it in action.

1 Like

I agree with you. They could have easily shown the mouseover completing quests without showing the codes but no… everyone kept saying it is possible. The video that everyone spoke about… he said theoretically it could be used for that but there is no proof of that. Although the img linking is back, that doesn’t mean they could exploit the quest completions.