Are Unity Web Games susceptible to cross-site scripting?

Question

Are Unity Web Games susceptible to cross-site scripting?

In particular, for Unity games compiled for the Internet.

Since the Unity web exporter is targeting HTML5, this makes it open to XSS attacks. Say, for example, there is a multiplayer game in which users can enter and save text that will be viewed by all players in the game. Can a malicious user inject some javascript, which will then be executed in all clients running the game that can see the entered text?

+4

javascript html5 xss unity-webgl

Rumham Jan 30 '18 at 16:52

source share

2 answers

axaq · Answer 1 · 2018-01-30T17:07:00+0000

The answer depends largely on how your server is configured, but in general, any data that you send to the server and process without disinfection will make it open to XSS attack. Again, this is not what you do with this data, but it is good practice to daily sanitize your data. nothing special for WebGL here if you are not using a WebGL instance on your server to process this data.

Kallmanation · Answer 2 · 2018-01-30T19:38:06+0000

Yes, in a way. If you allow unauthorized code on your web page, be it JS or WebGL shaders or something else, it can and will execute and use your users.

, , WebGL XSS. , , , ( ), script , . , XSS " ", , . GPU XSS.

- WebGL, XSS, , , , , , , GPU.

, XSS, , , ! , , , Javascript, SQL, WebGL, .

Are Unity Web Games susceptible to cross-site scripting?

More articles: