
Show HN: Handwriting for the web - iveqy
http://handwriting.se/
======
brian-armstrong
I would advise people not to click this for now. Right away it opens an alert
generated from user content. Hard to say what other JS is being run from user
inputs but best not to risk it.

~~~
ChristianGeek
Especially stay away if you’re mobile! I thought I had entered a time warp
back to the 1990s.

------
perryprog
So uhh... seems like some XSS happened. I would advise taking this website down
ASAP, and fix your bugs, and sanitize your database.

~~~
smichel17
It looks like someone injected a redirect to example.com, so that's nice to
mitigate issues for now.

------
ytjohn
When I click the link, I see some handwriting, and 4 images of an owl moving
around. Then a second later, it redirects me to a site called debsys.com,
which kind of seems to be a q&a site, or a demo of one.

------
Exuma
lol @ sanitize user input

------
madnerd
This is way funnier than it should be, it is great to share simple schematics
fast.

------
vit05
Was the site hacked?

BTW, a little off topic about the site, but on topic about handwriting. Is
there any research about using handwriting on mobile as a password?

Not just put your choice word and type on the keyboard, but writing using your
fingers.

------
czechdeveloper
502 Bad Gateway for me :/

~~~
iveqy
Sorry, for some reason the site is a bit unstable. It's up now again.

~~~
jason_slack
it is unstable because you didn't sanitize your user input before committing
it.
https://en.wikipedia.org/wiki/Data_sanitization

------
teleclimber
How interesting!

My tablet comes with a pen, and my new Windows laptop does too. Tried it with
the tablet and it worked well. Maybe there is something there?

At the very least it would drive the screen scrapers nuts!

~~~
ivanbakel
A shame that screen scrapers includes anyone with visual impairments, and that
our current "text-based" web is already struggling to accommodate them.

~~~
fiatjaf
You should tell that to Michelangelo. He shouldn't have painted anything that
wouldn't be possibly perceived by anyone with visual impairments.

~~~
ivanbakel
There's a difference between saying no non-accessible media should exist and
making changes to media which add very little and simply serve to make it less
accessible than it already is.

~~~
always_good
> making changes to media which add very little and simply serve to make it
> less accessible than it already is.

If that's what you think this fun little project is, you have lost your grip.

~~~
ivanbakel
Where do I say that I think this applies to the project in the OP? I'm talking
about the idea of "driving screen-scrapers nuts". To implement the project
just for that purpose _is_ anti-access, which doesn't reflect on the project
itself.

------
stephenr
Holy fuck that is a lot of penises.

------
modinfo
the idea is very interesting, really very interesting, but unfortunately the
implementation is not the best

notice: simple xss possible

------
iveqy
TIL:

* people love to draw penises (don't know any good way of preventing this, except require accounts)

* never be lazy with xss

------
sogen
Fun!

