HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Cheating with DiceRoller
This discussion is related to the Dice Roller addon.
Hey @ToastyFish, I dunno if you're still maintaining this but I recently had a look at the source at the request of a client. Unfortunately it's easy to circumvent the anti-cheat mechanism with a little HTML. You'll probably want to store the roll value on a separate database column or in the Attributes column, and then show it separately after the body of the comment. That way it isn't editable at all after a roll is made. Attempting to pattern-match what the person types is going to fail no matter how hard you try.
If you have questions about doing that, feel free to post 'em here or start a new discussion and @mention me. Alternatively, if this client contracts us to make the change, I'll pass 'em back to you for the next version.
0
Comments
If I were to make a dice roller I'd consider some of the following options:
Yeah he said elsewhere he didn't want to lock down comments tho, which leaves storing the calculated result separately (and only calculate on inserts, not updates).
Man, that's just not advisable. Let's look at this scenario.
Edit, edit.
"roll play" :P
grep is your friend.
Aside from editing, the other issue is just faking a computed dice roll in your original comment.