I think there are security issues, as it "works" by copying the HTML of the page and overlaying a canvas on top. So, e.g., if you post a HN page, I could copy the URL for upvoting, trick you into clicking it and get an upvote automatically. The auth token in the upvote URL is supposed to prevent CSRF attacks, so it's dangerous to give it away!
It's also a problem with websites that store temporary auth tokens on the webpage, though I don't know any.
As with all bookmarklets that include dynamic scripts, there's the security issue of XSS as well, including cookie hijacking and form posting. It's completely a matter of trust that the bookmarklet you're running is safe, and hasn't been modified to do anything bad.
I completely agree with you. But then, I have to trust only the bookmarklet provider not to do malicious stuff; here, even if I trust markup.io, I still have to trust others who are going to view my markup.
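The token leak discussed in the comments above, seen from the defender's side, as an added example (not code from markup.io or from any commenter): a captured HTML snapshot is scanned for per-user tokens in link URLs and hidden form fields, and they are redacted before the snapshot is shared. The parameter-name list, the function names and the sample HTML are assumptions constructed for illustration.

```javascript
// Assumed list of parameter/field names that usually carry per-user secrets.
const SENSITIVE = /^(auth|token|csrf|csrf_token|authenticity_token|session|sid|key)$/i;

// Redact sensitive query parameters in one URL (absolute or relative),
// keeping the original separators (& or &amp;) and any #fragment.
function redactUrl(raw, findings) {
  const q = raw.indexOf('?');
  if (q === -1) return raw;
  const h = raw.indexOf('#', q);
  const end = h === -1 ? raw.length : h;
  const query = raw.slice(q + 1, end).replace(
    /(^|&amp;|&)([^=&]+)=([^&#]*)/g,
    (m, sep, name) => {
      if (!SENSITIVE.test(name)) return m;
      findings.push({ where: 'url', name });
      return `${sep}${name}=REDACTED`;
    });
  return raw.slice(0, q + 1) + query + raw.slice(end);
}

// Regex scan of a snapshot; a production tool would walk a parsed DOM instead.
function redactSnapshot(html) {
  const findings = [];
  // URLs in href/action/src attributes (single- or double-quoted).
  let out = html.replace(/\b(href|action|src)=(["'])(.*?)\2/gi,
    (m, attr, quote, url) => `${attr}=${quote}${redactUrl(url, findings)}${quote}`);
  // Hidden form fields whose name looks like a token.
  out = out.replace(/<input\b[^>]*>/gi, (tag) => {
    const name = /\bname=(["'])(.*?)\1/i.exec(tag);
    const hidden = /\btype=(["'])hidden\1/i.test(tag);
    if (!hidden || !name || !SENSITIVE.test(name[2])) return tag;
    findings.push({ where: 'hidden-input', name: name[2] });
    return tag.replace(/\bvalue=(["'])(.*?)\1/i, 'value=$1REDACTED$1');
  });
  return { html: out, findings };
}

// Constructed sample: a page copy containing a per-user vote link and a CSRF field.
const sample = `<a id="up_1" href="vote?id=1&amp;how=up&amp;auth=0123abcd&amp;goto=news">upvote</a>
<form action="/comment"><input type="hidden" name="csrf_token" value="deadbeef">
<input type="text" name="text" value="hello"></form>
<a href="item?id=1">link</a>`;

console.log(redactSnapshot(sample).findings);
```

A non-empty `findings` list on a snapshot is the signal that the copy would have handed a viewer a usable token.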
The linked page seems to have trouble recognizing the arrow example. The others I can be a bit sloppy, but that one I have to really slow down and trace (or pretend trace since the guideline inexplicably disappears).
This is great! If you are looking for a business idea, I'd be willing to pay a monthly subscription fee for a private version of this. As a developer, I'd use it for reporting bugs in web apps that I develop (and I'd encourage biz and product people within the organization to do the same).
Yet to try it out, but really like the style you've chosen for your front page. Only thing, and it might be intentional, is the variety of ways you're presenting your mark. The mark is there in a circle, arrow-like shape, and something more like a banner (in the footer). If it's to demonstrate the shapes your system understands, that might need to be better explained. Otherwise, I'd just pick one shape and run with it.
Not an original idea, but excellent execution, and it has potential to spread virally! I have added it to my bookmarklets and time will tell if I use it for some tasks. At the moment I cannot think of any scenario where it would be useful, but I am sure there are plenty.