visit /hack/ to see what this is

I'll leave it up to the users to decide whether XSS is a bug or a feature
2016-02-10 10:47:33 +01:00
parent 019750bea8
commit f33e061c9a
2 changed files with 94 additions and 0 deletions
--- a/www/hack/main.js
+++ b/www/hack/main.js
@@ -0,0 +1,42 @@
+define([
+    '/api/config?cb=' + Math.random().toString(16).substring(2),
+    '/common/realtime-input.js',
+    '/common/messages.js',
+    '/common/crypto.js',
+    '/bower_components/jquery/dist/jquery.min.js',
+    '/customize/pad.js'
+], function (Config, Realtime, Messages, Crypto) { 
+    var $ = jQuery;
+    $(window).on('hashchange', function() {
+        window.location.reload();
+    });
+    if (window.location.href.indexOf('#') === -1) {
+        window.location.href = window.location.href + '#' + Crypto.genKey();
+        return;
+    }
+
+    var key = Crypto.parseKey(window.location.hash.substring(1));
+
+    var $textarea = $('textarea'),
+        $run = $('#run');
+
+    var rts = $textarea.toArray().map(function (e, i) {
+        var rt = Realtime.start(e, // window
+            Config.websocketURL, // websocketUrl
+            Crypto.rand64(8), // userName
+            key.channel, // channel
+            key.cryptKey); // cryptKey
+        return rt;
+    });
+
+    $run.click(function (e) {
+        e.preventDefault();
+        var content = $textarea.val();
+
+        try {
+            eval(content);
+        } catch (err) {
+            alert(err.message);
+        }
+    });
+});