;)

DragonFireGames

No userscripts, no inspect console, pure code.org tomfoolery

Letti42

DragonFireGames thats not good

Blockyheadman

what.

MonsterYT_DaGamer

What even is that

DragonFireGames

MonsterYT_DaGamer

DragonFireGames oh yes, that explains everything

DragonFireGames

MonsterYT_DaGamer Short summary, I can block inspect console & data browser at the same time.

[WUT] Adam

Give. Now.

DragonFireGames

[WUT] Adam Now, here is the problem, it gives you TOTAL access to all of the inspect console from within a gamelab project. You can execute scripts on the behalf of anyone running the project. I can create a project which when run will replace your projects with copies of that project and publish them. Do you understand the security issue this presents?

MonsterYT_DaGamer

DragonFireGames imma need that

DragonFireGames

A proper demonstration of it's power.

EDIT: Removed video since it don't work

Jibberjay

DragonFireGames Video won't play for me :(

what-the-dog-doin

Jibberjay unfortuante :)

imreallyhuman

If i had coins i would give

MonsterYT_DaGamer

imreallyhuman don't you have 1.6 coins

ackvonhuelio

imreallyhuman
owokoyo pfp crazy

DragonFireGames

I've decided to report it as a bug to code.org since I realize the devastating potential of an exploit like this. For now, I shall wait until it is patched. Cry about it, but it's the responsible thing to do.

[WUT] Adam

DragonFireGames Damn 😔

but that is the responsible thing to do ngl

Binary_Coder

DragonFireGames Did CDO ever respond or fix it? And would it be any less dangerous with the new gallery preventing publishing?

DragonFireGames

Binary_Coder Nope, never happened, and yes it is less dangerous without public project publishing.