Template gameName into player-settings as a data attribute to avoid potential security risks.

WebHostLib/__init__.py

@@ -106,7 +106,7 @@ games_list = {
 # Player settings pages
 @app.route('/games/<string:game>/player-settings')
 def player_settings(game):
-    return render_template(f"player-settings.html")
+    return render_template(f"player-settings.html", game=game)
 
 
 # Game sub-pages

WebHostLib/static/assets/player-settings.js

@@ -1,8 +1,7 @@
 let gameName = null;
 
 window.addEventListener('load', () => {
-  const urlMatches = window.location.href.match(/^.*\/(.*)\/player-settings/);
+  gameName = document.getElementById('player-settings').getAttribute('data-game');
-  gameName = decodeURIComponent(urlMatches[1]);
 
   // Update game name on page
   document.getElementById('game-name').innerHTML = gameName;
@@ -25,7 +24,7 @@ window.addEventListener('load', () => {
     nameInput.value = playerSettings.name;
   }).catch((error) => {
     const url = new URL(window.location.href);
-    window.location.replace(`${url.protocol}//${url.hostname}/page-not-found`);
+    // window.location.replace(`${url.protocol}//${url.hostname}/page-not-found`);
   })
 });
 

WebHostLib/templates/player-settings.html

@@ -10,7 +10,7 @@
 
 {% block body %}
     {% include 'header/grassHeader.html' %}
-    <div id="player-settings">
+    <div id="player-settings" data-game="{{ game }}">
         <div id="user-message"></div>
         <h1><span id="game-name">Player</span> Settings</h1>
         <p>Choose the options you would like to play with! You may generate a single-player game from this page,