by pmorici 5196 days ago
It seems like you might not be properly escaping user input for their name by the looks of the leader board which is now popping up a window with a dude getting slapped in the face with a projectile.
3 comments

So far there have been several GIFs embedded, an alert for your document.cookie, and a redirect to another GIF. You can safely say it's not escaping the HTML input on the leader board.

Also, the matching words shouldn't be passed to the client; keep as much data server side as possible to elevate some of the cheating. You're never going to stop all of it, but that should deter most people.

All in all though, kudos, it looks like a decent outcome for a hack project.
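Escaping the name at render time, as an added example that is not the game's own code (the row template, the entry shape and the sample name are assumed):

```javascript
// Added example (not from the game's code): escape a user-supplied name
// before interpolating it into leaderboard HTML, so markup in the name is
// displayed literally instead of being interpreted by the browser.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape the five characters that can break out of text or attribute
// context. Each character is replaced independently in one pass, so an
// already-escaped '&amp;' in the input is not double-processed mid-pass.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering, as the thread describes: the name goes straight
// into the markup, so a name containing a tag is executed by the browser.
function renderRowUnsafe(entry) {
  return `<tr><td>${entry.name}</td><td>${entry.score}</td></tr>`;
}

// Hardened rendering: every user-controlled field is escaped at the exact
// point where it is written into HTML (assumed template, not the game's).
function renderRowSafe(entry) {
  return `<tr><td>${escapeHtml(entry.name)}</td><td>${escapeHtml(entry.score)}</td></tr>`;
}

// Cheap regression check for the renderer: does the output contain a raw
// tag that is not part of our own <tr>/<td> template?
function containsRawTag(html) {
  return /<(img|script|object|embed|iframe)\b/i.test(html);
}

// Constructed sample entry: the kind of name the thread reports being
// submitted (a script tag that alerts document.cookie).
const SAMPLE_ENTRY = { name: '<script>alert(document.cookie)</script>', score: 42 };
```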

"the matching words shouldn't be passed to the client, keep as much data server side" Communication cost between clients and server would be too high I guess. Also you would notice the delay between entering a word and getting the reply from the server.
Sorry for the problems - tried fixing some of them. Hope you enjoy it!
Someone is injecting a Flash script into the background.

Edit: You might want to change the page's title. Also, thanks for the game. I really enjoyed it.

alleviate, not elevate.
Sorry I knew this was going to happen, but wanted to throw it up on here before I went to sleep. Now I have gotten such a huge response, that I am trying to fix it :)
The game's guts are all over the floor now.

edit: aaaand someone crashed the server :/

That was me taking down the server for a few seconds. I have done some more sanitization for now, but will likely do a much more thorough sanitization when I get the chance later.