by kyle_martin1
1491 days ago
Managed to make a massive cursor and it was broadcast to the whole party. Had some fun hacking this with Chrome dev tools. Was simple as breakpointing in dev tools on "mousewheel", setting h.scale = 15, and then resuming. Massive cursor and massive fun. I'm sure people were wondering how I got mine so big, considering it was clamped to 1. I've thought about injecting a non-zero number to crash the app or perhaps inject some XSS to run some fun code on everyone's machine but... I decided to be nice and not literally crash the party. ;-) All that's needed to fix this "exploit" is to properly sanitize data on the way in. Classic example of why sanitizing I/O is important! All in all, fun app, OP.
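The fix the comment describes, as an added example that is not part of the original comment or the app's code: a server-side check applied to each cursor update before it is broadcast, so the clamp no longer depends on the client. The message fields (`x`, `y`, `scale`, `name`), the 0.1 lower bound and the 32-character name limit are assumptions; only the upper clamp of 1 comes from the comment.

```javascript
// Hypothetical message shape: {"x": 0.5, "y": 0.5, "scale": 1, "name": "kyle"}
const SCALE_MIN = 0.1; // assumed lower bound
const SCALE_MAX = 1;   // the comment says the client clamps scale to 1
const NAME_MAX = 32;   // assumed length limit for a display name

const isFiniteNumber = (v) => typeof v === "number" && Number.isFinite(v);
const clamp = (v, lo, hi) => Math.min(hi, Math.max(lo, v));

// Encode text for insertion into HTML so a name can never become markup.
// Call this where the name is rendered, not where it is stored.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Returns a fresh, validated object to broadcast, or null to drop the message.
function sanitizeCursorUpdate(rawJson) {
  let msg;
  try {
    msg = JSON.parse(rawJson);
  } catch {
    return null; // not JSON at all
  }
  if (msg === null || typeof msg !== "object" || Array.isArray(msg)) return null;

  const { x, y, scale, name } = msg;
  // Rejects strings such as "15", null, and 1e999 (which JSON.parse turns into Infinity).
  if (![x, y, scale].every(isFiniteNumber)) return null;
  if (typeof name !== "string") return null;

  // Build the outgoing object from known fields only; extra keys are discarded.
  return {
    x: clamp(x, 0, 1),
    y: clamp(y, 0, 1),
    scale: clamp(scale, SCALE_MIN, SCALE_MAX),
    name: name.slice(0, NAME_MAX),
  };
}
```
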