Import costume from url & user id
-
@info-creaticode oh yeah, user id would be pretty useful, because username and full name can always be changed, and if you want to save score for a user or like ban them, one can bypass that by changing their username/fullname that is being used to save data.
-
@jeffreyrb03-gmail correction, username can’t be changed, but Catty used my chat rooms and my user database logged their set full name (CattyPlazyz or something like that) for the username and display slot, but in chat messages for who’s talked it shows me, my alt, my friend’s acc they don’t use, and an acc with a short username (who tested that I don’t have a filter) who sent messages
-
Actually, now we have added support for changing username. It is the “profile” link in the top right dropdown:
-
@info-creaticode alright, that is very good to know
-
@tyller_ lol I managed to get HTML
my projects are gonna be sooo epic (please don’t patch this CreatiCode ) -
@jeffreyrb03-gmail Iframe and/or script tag? and they should patch it if it can access stored cookies, I don’t know how login auth works but a cookie grabber would be really bad, unless you can’t access it (really hoping for that), plus you can already do non script tag stuff, unless that’s just an iframe then it’s fine
-
@tyller_ I’m just using it to make a browser using iframes. iFrames are sorta in their own little seperate and boxed world, and they can’t access stuff outside of them I don’t think, and even if it was, I’m certain that they aren’t allowed to access cookies/local storage and whatnot unless it’s of that website, and not for like another website. Some websites also don’t like being in iframes, like Google:
On top of that, I’m pretty sure CreatiCode is smart enough to have put some CSP policy header that blocks stuff like that.
The funny thing is, this thing I’m making can slightly bypass Securly, which is weird, because you’d think that any and all iframe exploits to bypass school filters (that blocks sites like games) were patched years ago, but actually no. Glitch.com is blocked normally, but if you’re careful, this thing can easily go under the radar. This is useful because my game’s site is being made with glitch and its database too.
To do this, I’m just using a rich text box widget and setting its value to html code. It supports iframes, but doesn’t allow script tags which is good because of the way those can get abused.
This is pretty cool because of the really cool capabilities it has like making user interfaces and stuff in a better way, enabled all by HTML and CSS, and not limited by CreatiCodes limitations, for instance, doing stuff with gradients or making forms that are better connected and can send that data over to another site.
-
@jeffreyrb03-gmail alright, thats really neat (bit confused how it can bypass proxy filters though)
-
@tyller_ https://play.creaticode.com/projects/67 068a6c6491cfeaeaa1b22c?version=1
-
@tyller_ I’m not sure either, probably because CreatiCode is a trusted site, so filters mistakenly trust the iframes too, but this doesn’t work against firewalls like blocksi or fortiguard. the project link I gave is a wip, but you can run it and it works
-
@tyller_ this is also doing stuff to try to get metadata from a page like getting page titles by extracting the value of the title tag, as well as other stuff. If I can figure out more bypass things or make specific conditionals to parse page stuff, this could work like a real browser. It might even be useful for me to utilize AI blocks to extract stuff easier without using regex, but it’d be a bit annoying, might not work all the time, and might give out when too many requests get sent to it.
I’m also planning to manually add support for sites like google
-
Glad to see you are having fun with iFrames and serving as our red team. IFrames are very secure, so they shouldn’t leak any information. If you do find anything dangerous, please let us know.
-
@info-creaticode I will, thank you! I’m also expanding this project to be like a full on browser and useful tool for researching (it will make article pages faster and have options to summarize using AI):
I don’t think you guys have rules against proxies, but just so you know, this is only able to bypass faulty/defective blocking filters, and its purpose isn’t malicious or meant to aid people in getting around restrictions or otherwise act like a browser in a browser.
Edit: I don’t think it can access inappropriate sites anyways because how the cloud fetch URL as markdown block works -
The following blocks have been added to the playground:
-
“user id” in Sensing, which returns the unique id of the current user
-
AI image search in “AI”: a reporter block that returns the URL of an AI-generated image from the library based on a search query. Note that this does not generate new images, but searches among existing images generated by AI, so it is much faster.
- add image from a URL as costume in “Looks”. You scale down the image to a maximum width/height:
Note that #2 and #3 can be combined to add an AI image as a costume:
-
-
@info-creaticode Awesome!Thank you!
-
@info-creaticode an issue, I planned to get the pfp of users, I checked with two other accounts and in the url of each pfp there is a second random string of numbers , how would I get a user’s pfp, Ik it’s some file storage stuff, but I’m going to try to find a workaround, it’s just a minor annoyance
-
@tyller_ To get a user’s pfp, you have to read their profile page HTML using their user id and then parse some stuff to get their profile picture from there (since profile pictures are public and are shown on that page).
You can get the HTML of a page by using the thing to get a page as markdown but putting “view-source:” before the URL that you are going to read, and then doing some trimming by removing the unnessescary lines and stuff and then reading the src attribute of the profile picture image (wherever the pfp is normally located in terms of the HTML page structure).
I’m using a similar method to get the title of a website by getting a website’s source code (ex:“view-source:https://google.com”) then reading the content of the
<title>
tag for my iframe powered browser project. What you could do is join “view-source:https://play.creaticode.com/users/” and the user id, and then read that to a variable (using the cloud block read page as markdown), then look for wherever the profile pic image of the user is (should be near like the about me section) and then get the URL of that image by reading thesrc
attribute. Then you can display that image (via its URL) to a widget. -
@jeffreyrb03-gmail alr, I never would of actually thought to use view source to get the actual stuff instead of markdown, thx
-
@jeffreyrb03-gmail it doesn’t work likely because it’s loaded after, I used my source bookmarklet and holy, CreatiCode can you guys plsssssssss use some css files, I’ma check forum pfps for it
Edit: find in my view source has found it in regular user profiles, but it’s too big of a source for it to actually bother scrolling me all the way there
Edit 2: nvm it shows that theres 1 of 1 found, but scrolls me to the top, but searching for the tag which is probably around the pfp url is the same result
-
So you are looking for a block in the playground that would return the URL of the forum profile image of any user given their user id?
That’ll not be easy, since the forum is a third party software (NodeBB).
-
@info-creaticode I just want to display the pfp of a user in a chat rooms project I have, I only looked at forums becasue I can’t find a users pfp in the view source of their user page, I wouldn’t be able to use forums because people may of changed their username from when tehy made a forum acc
-
How about the profile image of a user on the CreatiCode playground (not the forum)?
-
@info-creaticode I tried that, that’s what I meant when I said I couldn’t find the pfp in regular get page as markdown or going to the page and didn’t through view source, I tried control f but the view source I have is too big to scroll for me, I’ll try checking the fetched markdown source for the image url, I for some reason didn’t think to try that
-
So if we add a new block “get profile URL for user [USER ID]”, then that’ll be good enough for you?
-
@info-creaticode I believe I’ve found aw way to get the pfp url, and a block like that would be a bit too specific while it would be generally useful for chat projects, but it isn’t neccasary
-
@info-creaticode never mind what I said, I have found that the pfp is indeed not in the source of the user page, if you added a block like that it would be able to do what nothing else can do
-
@info-creaticode I think that he meant to get the creaticode (not forums) profile picture, and that’s a good idea! I like that block, especially because it’d be way more efficient than the method I proposed, and would be very useful.
-
Sure. We will add that task to our list.
-
@info-creaticode Thank you!
-
Also @Tyller_ , with CreatiCode, it’s almost never impossible to do (just about) anything, it’s just certain things would require a lot of code complexity and working/tinkering with it to get it right and doing what you want. And I’m actually a bit suprised that the CreatiCode page for a user doesn’t have the pfp url just right there in a
<img src="//example-creaticode-user-profile-picture.png" />
, considering they probably use PHP or NodeJS for the server/back-end, so stuff like that usually would just get put there in the page before being sent over to the browser or page getter. My guess is they probably use javascript afterwards to send a request to their own site to retrieve the profile picture of a user and then just put it right there in the good ol’ profile page:
Even then, it’s not impossible still, since you can always use external services. For almost any text value you need, you can make an API website to give it to you. Basically it’s just a website that instead of giving sites, it’ll just give some sort of string or a file sometimes, like going to this site (or using code to GET that site): https://api.fedidb.org/v1/stats will give you site statistics in JSON for how many people go on the Fediverse or Mastodon. There are many other cool APIs out there, like ones that return random fun facts, and then you can use that to create a fun fact generator project.
I might make a little API in the mean time with Replit that will use PHP and guzzle to get a page and act like a browser, and then search through the HTML, find what it needs to, then return it. When that’s done, you can just use the get page as markdown block (dw, the block doesn’t affect APIs unless they are returning HTML. Then, ta da! You can now get the profile picture of a user by their user id
-
@jeffreyrb03-gmail Ik how http requests work, I hosted two discord bots on my laptop (and I only used chatgpt to learn new stuff, like dot notation and what some api stuff was because I was not gonna dig through the api docs), it seems to load it all via script tags, like I can’t find “About Me” or any content in it via view-source in the body doc, and I’ve found the script file (https://play.creaticode.com/scratch-playground.0f9a92301b4653bde090.js) used with like everything it seems