Scratch
archived forums
#76 2012-01-01 05:47:13
- Hardmath123
- Scratcher
- Registered: 2010-02-19
- Posts: 1000+
Re: Adding the images back in to your scratch forum experience
Testing some other tags I made myself:
[button]type='button' value="Click me!" onclick="alert('Hi!');"[/button]
Last edited by Hardmath123 (2012-01-01 05:52:50)
Hardmaths-MacBook-Pro:~ Hardmath$ sudo make $(whoami) a sandwich
Offline
#77 2012-01-01 05:53:45
- Hardmath123
- Scratcher
- Registered: 2010-02-19
- Posts: 1000+
Re: Adding the images back in to your scratch forum experience
And the code...
Code:
// ==UserScript== // @name Bookmarklet // @namespace Bookmarklet // @description Creates bookmarklets // @include http://* // ==/UserScript== document.body.innerHTML=document.body.innerHTML.replace(/\[button\]/g, "<input type='button' ").replace(/\[\/button\]/g, "/>");
Hardmaths-MacBook-Pro:~ Hardmath$ sudo make $(whoami) a sandwich
Offline
#78 2012-01-01 06:57:47
Re: Adding the images back in to your scratch forum experience
Hardmath123 wrote:
And the code...
Code:
// ==UserScript== // @name Bookmarklet // @namespace Bookmarklet // @description Creates bookmarklets // @include http://* // ==/UserScript== document.body.innerHTML=document.body.innerHTML.replace(/\[button\]/g, "<input type='button' ").replace(/\[\/button\]/g, "/>");
How do I add this?!
Offline
#79 2012-01-01 07:10:49
Re: Adding the images back in to your scratch forum experience
[youtube]CAx6Mhc-0j4[/youtube]
That's pretty cool. 
~ihaveamac - visit ihaveamac.net
Offline
#80 2012-01-01 07:19:23
Re: Adding the images back in to your scratch forum experience
Servine wrote:
Hardmath123 wrote:
And the code...
Code:
// ==UserScript== // @name Bookmarklet // @namespace Bookmarklet // @description Creates bookmarklets // @include http://* // ==/UserScript== document.body.innerHTML=document.body.innerHTML.replace(/\[button\]/g, "<input type='button' ").replace(/\[\/button\]/g, "/>");How do I add this?!
paste the code into a .js file then drag it into chrome
Offline
#81 2012-01-01 07:28:09
Re: Adding the images back in to your scratch forum experience
[img]http://info.scratch.mit.edu/sites/infoscratch.media.mit.edu/files/image/example-Xmas-logo.jpg" onload="alert('This isnt secure!!\nI have your cookie:\n' + document.cookie);" /><img src="[/img]
http://en.wikipedia.org/wiki/Cross-site_scripting
Last edited by ZeroLuck (2012-01-01 07:59:52)
Offline
#82 2012-01-01 08:00:16
- nathanprocks
- Scratcher
- Registered: 2011-04-14
- Posts: 1000+
Re: Adding the images back in to your scratch forum experience
yay my code works
Code:
// ==UserScript== // @name iframe for scratch fora // @namespace iframe // @description displays iframes on the scratch fora // @include http://scratch.mit.edu/forums/viewtopic.php* // ==/UserScript== document.body.innerHTML=document.body.innerHTML.replace(/\[iframe\]/g, '<iframe src="').replace(/\[\/iframe\]/g, '" width="500" height="500" scrolling="auto" ></iframe>');
[iframe]http://dl.dropbox.com/u/37687009/Green-ishness%20Blue%20Chrome%20Theme/download.html[/iframe]
Offline
#83 2012-01-01 08:02:45
Re: Adding the images back in to your scratch forum experience
you can actually steal passwords with something like this^^
disabled the script 
EDIT: we should also do something about auto-playing scratch projects 
Last edited by roijac (2012-01-01 08:05:08)
Offline
#84 2012-01-01 08:06:05
Re: Adding the images back in to your scratch forum experience
roijac wrote:
you can actually steal passwords with something like this^^
disabled the script
Yes you can!
And much more too (the script can also post something in the Scratch forum)!
Offline
#85 2012-01-01 08:13:05
Re: Adding the images back in to your scratch forum experience
how do I add this code to chrome...
// ==UserScript==
// @name Bookmarklet
// @namespace Bookmarklet
// @description Creates bookmarklets
// @include http://*
// ==/UserScript==
document.body.innerHTML=document.body.innerHTML.replace(/\[button\]/g, "<input type='button' ").replace(/\[\/button\]/g, "/>");
And I got a warning about cookies when I visted this page!
Offline
#87 2012-01-01 08:17:57
Re: Adding the images back in to your scratch forum experience
Servine wrote:
Anyone else got this...
http://dl.dropbox.com/u/41073707/Capture.PNG
Yes. That is my XSS script.
I made it to show everybody that this "Adding the images back in to your scratch forum"
is very very dangerous: Somebody can get your Scratch account and write things in
the Scratch forum and much more!
You should disable the script!
Offline
#88 2012-01-01 08:19:02
Re: Adding the images back in to your scratch forum experience
ZeroLuck wrote:
Servine wrote:
Anyone else got this...
http://dl.dropbox.com/u/41073707/Capture.PNG
Yes. That is my XSS script.
I made it to show everybody that this "Adding the images back in to your scratch forum"
is very very dangerous: Somebody can get your Scratch account and write things in
the Scratch forum and much more!
You should disable the script!
Oh. But how else can we see images?
Offline
#89 2012-01-01 08:19:37
Re: Adding the images back in to your scratch forum experience
Servine wrote:
ZeroLuck wrote:
Servine wrote:
Anyone else got this...
http://dl.dropbox.com/u/41073707/Capture.PNG
Yes. That is my XSS script.
I made it to show everybody that this "Adding the images back in to your scratch forum"
is very very dangerous: Somebody can get your Scratch account and write things in
the Scratch forum and much more!
You should disable the script!Oh. But how else can we see images?
lol
Offline
#90 2012-01-01 09:09:13
- rookwood101
- Scratcher
- Registered: 2011-07-29
- Posts: 500+
Re: Adding the images back in to your scratch forum experience
ZeroLuck wrote:
Servine wrote:
ZeroLuck wrote:
Yes. That is my XSS script.
I made it to show everybody that this "Adding the images back in to your scratch forum"
is very very dangerous: Somebody can get your Scratch account and write things in
the Scratch forum and much more!
You should disable the script!Oh. But how else can we see images?
lol
I could make the script more secure, and make it check what you enter in the field, but I'm too lazy, maybe later.
Offline
#92 2012-01-01 09:38:04
Re: Adding the images back in to your scratch forum experience
rookwood101 wrote:
ZeroLuck wrote:
Servine wrote:
Oh. But how else can we see images?lol
I could make the script more secure, and make it check what you enter in the field, but I'm too lazy, maybe later.
Lol you are lazy when your script is very very dangerous?
Everybody can lost his account!
Offline
#93 2012-01-01 09:40:48
Re: Adding the images back in to your scratch forum experience
It is secure if you write the file yourself 
otherwise, you just have to trust that person.
Yeah, I'm mostly inactive. I check in once in a while though. If you want to contact me, I have a contact form at my website, http://escratch.org
Offline
#95 2012-01-01 11:16:42
- rookwood101
- Scratcher
- Registered: 2011-07-29
- Posts: 500+
Re: Adding the images back in to your scratch forum experience
Don't worry guys, I'm working on making it more secure, so it only accepts urls on the image tags, and only relevant stuff for the other things.
Offline
#96 2012-01-01 11:27:44
- fungirl123
- Scratcher
- Registered: 2011-10-09
- Posts: 1000+
Re: Adding the images back in to your scratch forum experience
OMG! I just saw this!
THANK YOU SO MUCH!!!!!!!!!!!!:DDDDDD
*dies of happiness*
Wait why does it say that I should disable it? This pop-up from scratch.mit.edu says:
"rookwood's image support is not XSS format! It's better to disable it?
Awww...and I got all excited...
AND NOW IT SAYS "I HAVE YOUR COOKIE!"
Last edited by fungirl123 (2012-01-01 11:31:33)
Offline
#97 2012-01-01 11:35:59
Re: Adding the images back in to your scratch forum experience
fungirl123 wrote:
OMG! I just saw this!
THANK YOU SO MUCH!!!!!!!!!!!!:DDDDDD
*dies of happiness*
Wait why does it say that I should disable it? This pop-up from scratch.mit.edu says:
"rookwood's image support is not XSS format! It's better to disable it?
Awww...and I got all excited...
AND NOW IT SAYS "I HAVE YOUR COOKIE!"
Lol, that was me
You should disable it because everyone can get your account when you have this
not disabled!
Last edited by ZeroLuck (2012-01-01 11:36:57)
Offline
#98 2012-01-01 12:01:42
- fungirl123
- Scratcher
- Registered: 2011-10-09
- Posts: 1000+
Re: Adding the images back in to your scratch forum experience
ZeroLuck wrote:
fungirl123 wrote:
OMG! I just saw this!
THANK YOU SO MUCH!!!!!!!!!!!!:DDDDDD
*dies of happiness*
Wait why does it say that I should disable it? This pop-up from scratch.mit.edu says:
"rookwood's image support is not XSS format! It's better to disable it?
Awww...and I got all excited...
AND NOW IT SAYS "I HAVE YOUR COOKIE!"Lol, that was me
You should disable it because everyone can get your account when you have this
not disabled!
I did 
Are people going to get into my account now??!?!
I'm so noobish lol
Offline
#99 2012-01-01 12:10:30
- rookwood101
- Scratcher
- Registered: 2011-07-29
- Posts: 500+
Re: Adding the images back in to your scratch forum experience
fungirl123 wrote:
ZeroLuck wrote:
fungirl123 wrote:
OMG! I just saw this!
THANK YOU SO MUCH!!!!!!!!!!!!:DDDDDD
*dies of happiness*
Wait why does it say that I should disable it? This pop-up from scratch.mit.edu says:
"rookwood's image support is not XSS format! It's better to disable it?
Awww...and I got all excited...
AND NOW IT SAYS "I HAVE YOUR COOKIE!"Lol, that was me
You should disable it because everyone can get your account when you have this
not disabled!I did
Are people going to get into my account now??!?!
I'm so noobish lol
no don't worry, zeroluck hasn't actually done anything with the cookie, just displayed it.
Offline