I have a website which includes a Flash game. Upon the game ending the
Flash object fires off the javascript method:
recordScore(value)
This is then queried against the top score for the day and if it is
higher than this is stored as the new highest score.
The problem is, I have discovered it is possible to hack this page by
writing
javascript:recordScore(12345)
(for example) in the address bar of the page.
Can anyone suggest a workaround to prevent this hack?
The page HTML is similar to that below
<html>
<head>
<script>
function recordScore(value)
{
if(value>m_intHighScore)
{ recordNewHighScore(value) }
}
</script>
</head>
<body>
<object>
<!-- This is where the flash movie lives
This movie spits out the recordScore()
command when the user finishes. -->
</object>
</body>
</html>