XSS Exploit on SL ⚡ Chat × COTD 😈
Hello, this is the author of Code of the Day on 10 December 2017. 👋

First and foremost I would like to thank SoloLearn for featuring my code and providing me the exposure to understand the challenge of creating a real-time application. I apologize if some of you are unhappy with the exploit and the complaint of almost nil client-side code. I'm not in the position to judge, but I hope it opens your eyes to what can be achieved via ASP.NET SignalR, which is my intention. I don't blame the hacker, as it's my fault for failing to perform a thorough check before releasing it while it's still in an early beta stage (v.0.9.9).

I always believe that this platform allows everyone here to learn, and so here are some of the key takeaways that might benefit you:

✔️ ASP.NET SignalR is the official real-time solution provided by Microsoft, which supports the de facto WebSocket and Long Polling + Forever Frame as the fallback.
✔️ Make sure to sanitize user input on both the client and server side to prevent malicious users from running arbitrary JS code on your site.
✔️ Rate limiting and word filtering are encouraged for chat applications to prevent spam.

We disseminate knowledge at SoloLearn, not take advantage of others or spread hate. Thank you for the lesson and your interest, and I'm glad if it inspires you to try something new in future. Cheers!

https://code.sololearn.com/Wb819DHXTLW6/?ref=app
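The three takeaways above (escape user input before rendering it, rate-limit senders, filter words) as an added example in plain JavaScript. This is not the COTD author's code and not part of the linked SoloLearn project; the SignalR hub wiring is assumed and left out, so only the message-handling logic is shown. The function and class names (`escapeHtml`, `renderMessage`, `filterWords`, `RateLimiter`, `handleIncoming`) and the block list are constructed for the example.

```javascript
// Added example, not the COTD author's code. Defences the post lists for a SignalR
// chat, written as plain functions. The hub wiring is assumed; the same checks must
// also run inside the server hub method, because a client can call the hub
// directly and skip anything done only in the browser.

// Escape the characters that let text be parsed as HTML markup or break out of an
// attribute value. The result is safe to place into HTML text content.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Build the markup for one chat line. Both the user name and the message are
// escaped; in a browser, assigning to element.textContent is the simpler option.
function renderMessage(user, text) {
  return `<li><b>${escapeHtml(user)}</b>: ${escapeHtml(text)}</li>`;
}

// Mask words from a block list (constructed list for the example). Matching is
// whole-word and case-insensitive; the rest of the message is left intact.
const BLOCKED_WORDS = ['spamword', 'badword'];
function filterWords(text, blocked = BLOCKED_WORDS) {
  if (blocked.length === 0) return text;
  const escaped = blocked.map((w) => w.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'));
  const re = new RegExp(`\\b(${escaped.join('|')})\\b`, 'gi');
  return text.replace(re, (m) => '*'.repeat(m.length));
}

// Sliding-window rate limiter: at most `limit` messages per `windowMs` per sender.
class RateLimiter {
  constructor(limit = 5, windowMs = 10000) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.history = new Map(); // sender -> array of send timestamps (ms)
  }

  // Returns true if the message may be sent now, false if the sender is throttled.
  allow(sender, nowMs = Date.now()) {
    const times = (this.history.get(sender) || []).filter((t) => nowMs - t < this.windowMs);
    if (times.length >= this.limit) {
      this.history.set(sender, times);
      return false;
    }
    times.push(nowMs);
    this.history.set(sender, times);
    return true;
  }
}

// Pipeline a hub method (or the client's send handler) would run for each message.
// Returns the markup to broadcast, or null when the message was rejected.
function handleIncoming(limiter, user, text, nowMs = Date.now()) {
  if (typeof text !== 'string' || text.trim().length === 0 || text.length > 500) return null;
  if (!limiter.allow(user, nowMs)) return null;
  return renderMessage(user, filterWords(text));
}

// Constructed sample run: three messages pass (one escaped, one masked),
// the fourth is throttled by the limit of 3 per 10 seconds.
if (typeof require !== 'undefined' && require.main === module) {
  const limiter = new RateLimiter(3, 10000);
  const samples = ['hello', '<script>alert(1)</script>', 'spamword!', 'one too many'];
  samples.forEach((s, i) => console.log(handleIncoming(limiter, 'alice', s, 1000 * i)));
}
```

The point of keeping these as pure functions is that the identical logic can be ported into the hub method on the server; escaping only in the browser protects one client's own view and nothing else, since any other client can push raw strings through the hub.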