Tuesday, January 29, 2013

Security fixes, additional features.

1/29: This is an OLD post that was never published. The fixes were made almost 2 months ago, but I wanted to publish it so you know where to e-mail JS requests.

Bug Fixes:
- Fixed the exploit that allowed injections through media titles.
- Fixed various other XSS JavaScript exploits.

Additional Features:
- Added the ability for ALL rooms to have a custom CSS file.
- Added the ability for SOME rooms to have a JS file.

Check your "My Rooms" page to see these fields.

The JS file is "invite only", and you must ask us to turn it on for you. To request enablement, write an e-mail to:

synchtube {at} gmail {dot} com
Subject: JS Enablement Request
Body: Write a brief description of what you plan to do with the enablement.

The community is tight-knit enough that members generally police each other, so if you are caught abusing JS or doing evil things with it, you will be blacklisted, no exceptions, ZERO tolerance policy. Report abusers to the e-mail above as well. Please include a snippet of the malicious code, which we can then verify before blacklisting.

If you see Lucid, give him a giant thanks for taking the initiative to patch the security vulnerability and for making synchtube a safer place.

