Technically, there was a safe website that was hacked before. An earlier version of Chaty did not sanitize messages, this led to someone being able to do a Cross-site scripting attack, but fortunately this person was very helpful and only changed the colours from blue and yellow of the site to grey and red (can’t remember exactly, it was quite a while ago). This attack could have been much more malicious and be used to use up all the users PUTS and could have also been used to create, modify or delete data however the fix for this was quite simple and is shown below.
function uintToString(uintArray) {
return new TextDecoder('utf-8')
.decode(uintArray)
.replace(/&/g, '&')
.replace(/</g, '<')
.replace(/>/g, '>')
.replace(/"/g, '"')
.replace(/'/g, ''');
}
This replaces the special HTML characters to their clean unicode equivalent so they still show up properly.