Ask coding questions

← Back to all posts
Content Security Policy
DonoldJTrump

I am Trying to make a hack-proof game. I am trying to allow inline and eval scripts, but no other scripts (like bookmarklets) can be run. Does anyone know how to do that only using meta tags?

Voters
DonoldJTrump
Comments
hotnewtop
CSharpIsGud

For a single-player browser game, this just isn't going to happen.
Trying to stop people from running scripts at all isn't possible, anyone can just open inspect element and run code with the console.
I myself have found leaderboards on repl talk that didn't or couldn't validate anything, so you could just say you had infinite money or anything like that and it would happen.
You can make it really annoying to open inspect element with a bunch of debugger statements being spammed and redirecting, but you won't be able to stop anyone that really tries.

DonoldJTrump

@CSharpIsGud I do plan on eliminating inspect element. And I can not use html response headers, so meta tags are the next best thing

CSharpIsGud

@DonoldJTrump You can't eliminate inspect element, all you can do is make it annoying to open, and that won't stop anyone trying to actually 'hack' it.

ch1ck3n

why do you want to use only meta tags, that is very hard