Import costume from url & user id

jeffreyrb03-gmail

@info-creaticode oh yeah, user id would be pretty useful, because username and full name can always be changed, and if you want to save score for a user or like ban them, one can bypass that by changing their username/fullname that is being used to save data.

Tyller_

@jeffreyrb03-gmail correction, username can’t be changed, but Catty used my chat rooms and my user database logged their set full name (CattyPlazyz or something like that) for the username and display slot, but in chat messages for who’s talked it shows me, my alt, my friend’s acc they don’t use, and an acc with a short username (who tested that I don’t have a filter) who sent messages

info-creaticode

@tyller_

Actually, now we have added support for changing username. It is the “profile” link in the top right dropdown:

Tyller_

@info-creaticode alright, that is very good to know

jeffreyrb03-gmail

@tyller_ lol I managed to get HTML

my projects are gonna be sooo epic (please don’t patch this CreatiCode )

Tyller_

@jeffreyrb03-gmail Iframe and/or script tag? and they should patch it if it can access stored cookies, I don’t know how login auth works but a cookie grabber would be really bad, unless you can’t access it (really hoping for that), plus you can already do non script tag stuff, unless that’s just an iframe then it’s fine

jeffreyrb03-gmail

@tyller_ I’m just using it to make a browser using iframes. iFrames are sorta in their own little seperate and boxed world, and they can’t access stuff outside of them I don’t think, and even if it was, I’m certain that they aren’t allowed to access cookies/local storage and whatnot unless it’s of that website, and not for like another website. Some websites also don’t like being in iframes, like Google:

On top of that, I’m pretty sure CreatiCode is smart enough to have put some CSP policy header that blocks stuff like that.

The funny thing is, this thing I’m making can slightly bypass Securly, which is weird, because you’d think that any and all iframe exploits to bypass school filters (that blocks sites like games) were patched years ago, but actually no. Glitch.com is blocked normally, but if you’re careful, this thing can easily go under the radar. This is useful because my game’s site is being made with glitch and its database too.

To do this, I’m just using a rich text box widget and setting its value to html code. It supports iframes, but doesn’t allow script tags which is good because of the way those can get abused.

This is pretty cool because of the really cool capabilities it has like making user interfaces and stuff in a better way, enabled all by HTML and CSS, and not limited by CreatiCodes limitations, for instance, doing stuff with gradients or making forms that are better connected and can send that data over to another site.

Tyller_

@jeffreyrb03-gmail alright, thats really neat (bit confused how it can bypass proxy filters though)

jeffreyrb03-gmail

@tyller_ https://play.creaticode.com/projects/67 068a6c6491cfeaeaa1b22c?version=1

jeffreyrb03-gmail

@tyller_ I’m not sure either, probably because CreatiCode is a trusted site, so filters mistakenly trust the iframes too, but this doesn’t work against firewalls like blocksi or fortiguard. the project link I gave is a wip, but you can run it and it works

jeffreyrb03-gmail

@tyller_ this is also doing stuff to try to get metadata from a page like getting page titles by extracting the value of the title tag, as well as other stuff. If I can figure out more bypass things or make specific conditionals to parse page stuff, this could work like a real browser. It might even be useful for me to utilize AI blocks to extract stuff easier without using regex, but it’d be a bit annoying, might not work all the time, and might give out when too many requests get sent to it.

I’m also planning to manually add support for sites like google

info-creaticode

@jeffreyrb03-gmail

Glad to see you are having fun with iFrames and serving as our red team. IFrames are very secure, so they shouldn’t leak any information. If you do find anything dangerous, please let us know.

jeffreyrb03-gmail

@info-creaticode I will, thank you! I’m also expanding this project to be like a full on browser and useful tool for researching (it will make article pages faster and have options to summarize using AI):

I don’t think you guys have rules against proxies, but just so you know, this is only able to bypass faulty/defective blocking filters, and its purpose isn’t malicious or meant to aid people in getting around restrictions or otherwise act like a browser in a browser.
Edit: I don’t think it can access inappropriate sites anyways because how the cloud fetch URL as markdown block works

info-creaticode

The following blocks have been added to the playground:

1. “user id” in Sensing, which returns the unique id of the current user

2. AI image search in “AI”: a reporter block that returns the URL of an AI-generated image from the library based on a search query. Note that this does not generate new images, but searches among existing images generated by AI, so it is much faster.

3. add image from a URL as costume in “Looks”. You scale down the image to a maximum width/height:

Note that #2 and #3 can be combined to add an AI image as a costume:

jeffreyrb03-gmail

@info-creaticode Awesome!Thank you!

Tyller_

@info-creaticode an issue, I planned to get the pfp of users, I checked with two other accounts and in the url of each pfp there is a second random string of numbers , how would I get a user’s pfp, Ik it’s some file storage stuff, but I’m going to try to find a workaround, it’s just a minor annoyance

jeffreyrb03-gmail

@tyller_ To get a user’s pfp, you have to read their profile page HTML using their user id and then parse some stuff to get their profile picture from there (since profile pictures are public and are shown on that page).

You can get the HTML of a page by using the thing to get a page as markdown but putting “view-source:” before the URL that you are going to read, and then doing some trimming by removing the unnessescary lines and stuff and then reading the src attribute of the profile picture image (wherever the pfp is normally located in terms of the HTML page structure).

I’m using a similar method to get the title of a website by getting a website’s source code (ex:“view-source:https://google.com”) then reading the content of the <title> tag for my iframe powered browser project. What you could do is join “view-source:https://play.creaticode.com/users/” and the user id, and then read that to a variable (using the cloud block read page as markdown), then look for wherever the profile pic image of the user is (should be near like the about me section) and then get the URL of that image by reading the src attribute. Then you can display that image (via its URL) to a widget.

Tyller_

@jeffreyrb03-gmail alr, I never would of actually thought to use view source to get the actual stuff instead of markdown, thx

Tyller_

@jeffreyrb03-gmail it doesn’t work likely because it’s loaded after, I used my source bookmarklet and holy, CreatiCode can you guys plsssssssss use some css files, I’ma check forum pfps for it

Edit: find in my view source has found it in regular user profiles, but it’s too big of a source for it to actually bother scrolling me all the way there

Edit 2: nvm it shows that theres 1 of 1 found, but scrolls me to the top, but searching for the tag which is probably around the pfp url is the same result

info-creaticode

@tyller_

So you are looking for a block in the playground that would return the URL of the forum profile image of any user given their user id?

That’ll not be easy, since the forum is a third party software (NodeBB).