Skip to content
← Back to Community
Content Security Policy
Profile icon
DonoldJTrump

I am Trying to make a hack-proof game. I am trying to allow inline and eval scripts, but no other scripts (like bookmarklets) can be run. Does anyone know how to do that only using meta tags?

Voters
Profile icon
DonoldJTrump
Comments
hotnewtop
Profile icon
CSharpIsGud

For a single-player browser game, this just isn't going to happen.
Trying to stop people from running scripts at all isn't possible, anyone can just open inspect element and run code with the console.
I myself have found leaderboards on repl talk that didn't or couldn't validate anything, so you could just say you had infinite money or anything like that and it would happen.
You can make it really annoying to open inspect element with a bunch of debugger statements being spammed and redirecting, but you won't be able to stop anyone that really tries.

Profile icon
DonoldJTrump

@CSharpIsGud I do plan on eliminating inspect element. And I can not use html response headers, so meta tags are the next best thing

Profile icon
CSharpIsGud

@DonoldJTrump You can't eliminate inspect element, all you can do is make it annoying to open, and that won't stop anyone trying to actually 'hack' it.

Profile icon
ch1ck3n

why do you want to use only meta tags, that is very hard