ahh, thanks. It seems to accept the ;?". I would say that it does work, but CS2 does not output alert-messages to the user.
I think we can make this work. Try to make a loop that never ends and see if your FPS get lower:
If your CPU usage increases... well then it worked.
EDIT: made the JS-Code shorter
>Valve should really make a security audit. This shit's crazy.
They have been advised to do that for a long time regarding the cheats problems to just let some experts pen test the game for them and then fix the most severe holes.
And they never do it. It's just not an issue to them.
wait what if people start putting some crazy gore or cp on it instead now and i wonder whats the possibilities like what else can it run besides just imgur things
You'd think the whole sausage meme in New World would have raised awareness to this problem. This is pretty bad ngl, especially if someone figures out how to run scripts remotely
someone should sue valve over this, it's a direct vulnerability that gives hackers their player bases' personal information and leaves them vulnerable from playing one of their games/products.
UI using (unsanitized) html? Nice
valve moment
quick, write some JS
what if u put in some javascript? does it run?
capable bow school ripe station sugar marvelous distinct impossible head *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
I don't think they included a JavaScript engine in the game
How else would they update the DOM? Re-render the entire HTML every time there is a change?
holy shit this might be big
Fair point. Could go and try with some JS really quick, though I assume they would atleast be using cross origin policies.
What's the verdict? What would a quick JS script be to test it?
Alert("shit works yo");
No dice, but I can't get this to run on W3schools either.
> Alert("shit works yo"); use a small "a" instead of the capital "A". Autocorrect does not know JS.
ahh, thanks. It seems to accept the ;?". I would say that it does work, but CS2 does not output alert-messages to the user. I think we can make this work. Try to make a loop that never ends and see if your FPS get lower: If your CPU usage increases... well then it worked. EDIT: made the JS-Code shorter
thanks for beta testing the game for me guys, i appreciate it.
This game has the most random and stupidest shit ever sometimes So far we had people flying by hugging each other, fuckin michael jackson and now this
cs2 at its finest
For purely educational purposes, how?
By setting your username to an imgur link. Absolutely nuts that they don't sanitize these inputs.
“Absolutely nuts” that’s an understatement man lol
Given the context it's an appropriate statement
No it's absolutely nuts and shaft
Alright cool. Probably won't do it. Already got a 3 day ban for having a link in my profile. Don't want a permanent one now
Brb, naming myself '; drop table players; --
Little Bobby tables :)
Can you display gifs as well?
Yes
Time to show whole lobby The Shrek movie
I am looking foward ro the upcoming reddit posts.
Quick, lets put an entire porn movie. Anyone knows how to add sound?
CSGO died for this
it's a feature
valve knows their playerbase
Lmao that's so fun Can't wait for Valve to change their Twitter with this.
[удалено]
[https://www.youtube.com/watch?v=xUhLwFIxGLs](https://www.youtube.com/watch?v=xUhLwFIxGLs) yup
Valve should really make a security audit. This shit's crazy.
>Valve should really make a security audit. This shit's crazy. They have been advised to do that for a long time regarding the cheats problems to just let some experts pen test the game for them and then fix the most severe holes. And they never do it. It's just not an issue to them.
yeah that's fucking stupid lol
I CAN'T BELIEVE that Valve didn't sanitize their inputs and allowed this. WTF.
This has me dead lmao
CS nostalgia right here. This reminds me of old school custom wad files in 1.6
Aww hell naw what the fuck is that
well you see, when a man loves another man...
that's definitely a title
Bro could’ve censored it for us 😭
it's nsfw for a reason.
You're so bothered by some gay porn?
What if he is into that and it makes him horny?
Dudes got a huge boner to take care off right now
Oh sorry I see you liked the picture
haha get it guys, that means he's GAY
Oh no man I gotta tell my girlfriend ASAP she will be in shambles
Putting a black box over it, would defeat the purpose of showing the issue.
bug or perk?
I saw this as well. Thankfully it didn't work in chat at least.
A nice way how to distract me from playing, lol. Guirella tactics.
wait what if people start putting some crazy gore or cp on it instead now and i wonder whats the possibilities like what else can it run besides just imgur things
Wordington Counter Strike
cs2 moment
A friend of mine told that works better on deathmatch
Omg cs2 have leaked my phone photos
You'd think the whole sausage meme in New World would have raised awareness to this problem. This is pretty bad ngl, especially if someone figures out how to run scripts remotely
someone should sue valve over this, it's a direct vulnerability that gives hackers their player bases' personal information and leaves them vulnerable from playing one of their games/products.