I broke the user list on the website

Hey guys!

My in-game name is <plaintext>, and I registered on the main site and my name kinda broke the user list, as it's a deprecated html tag :P
This means a malicious user could use cross-site scripting to do whatever bad stuff they want to do. Redirect the site to porn, steal sessions, etc. So this is a shout-out to the people who run the site: you may want to use the htmlentities() function to defend against xss :)
Sorry for breaking that list, I only realised it may not be filtered after I registered

This is the link to the user list:
http://www.kag2d.com/users.php

 

hmm lol indeed :D

 

Huh, does that mean it does it in posts too?

<i>Test</i>

 

Not a fan of Drupal myself, would rather get WordPress and integrate it with PHPbb3 so you can easily post announcemts on the front page and have forum functionality.

 

I removed the issue with your name. I use html entities for everything but I suppose I missed something X_X I can't fix this until Friday but I'll keep a lookout on the database for users trying to abuse this. If worst comes to worse I'll ask Mike to throw the site into maintenance mode.

Thank you for finding this I really appreciate it!

EDIT:

I'm doing the website for free :3 also the issue with a CMS is that it wouldn't be as custom tailored for the game(and I wouldn't be needed ;-;)

EDIT2: Changed your name back and actually fixed the issue with many thanks to Mike(He had to send me the files and upload the changes)

 

Heh all the less fun and interesting stuff is done basically. At least what I consider not fun. I enjoy maintaining the website and programming new features programming in general has always been a hobby of mine :)

 

I've honestly only tried it once or twice, but to each their own :)