Any tips to prevent cross-site / xss scripting?

  • I created a simple multiplayer game https://www.scirra.com/arcade/rpg-games/minero-11875 that performs ajax polling to synchronize maps and players. Some of my users tell me that the maps are not loaded due to cross-site scripting issues. (1) In general, can ajax polling / long polling be an alternative to make online games? For Android / iOS / Cordova, is an ajax call from the phone to a remote site supported? (2) Has anyone tried creating a working game that implements polling?

  • I'm preparing myself to get back to Construct and the idea, even knowing it's probably not the best one, will be to use some sort of ajax to sync things in my game.

    I think I won't have that many of the sync issues you're having because of the game style: by testing your game and checking network on Chrome, I think you're polling the entire map every time, right? For this game style (action intense) I think your option would be to synchronize every action (every tile dug), triggered by the action itself. Also, as the pace is really fast, the best option would be websockets. Maybe even multiplayer in C2, having a couple of worlds preset and state saved, I mean, generating it upon creation only, and then saving its layout.

    Sorry if not clear enough.

    Also, I really liked the artwork, but I missed a tuto / game control info lol.

    About the mobile supporting ajax, not sure but I think it works.

  • Thanks for the feedback. For my next prototype I am currently testing websocket with ajax polling / or with long polling as fallback or whatever works. Will consider all the possible improvements in content generation as you have mentioned. Currently on the data of 10-20 users, following a linear projection, the current system can be comfortable with at most 1000 concurrent users. Either I scale the server or put more improvements on my end. Thanks again.
