

Say Hello to Realtime Collaboration - binarydreams
http://cssdeck.com/post/62/say-hello-to-realtime-collaboration

======
devinrhode2
Looks like you're being hacked really bad. I got redirected to Google! It was
fun to watch though! Add <iframe sandbox="allow-forms"> and you'll disable
javascript. Good fast fix for now, later you'll want sandbox="allow-scripts
allow-forms allow-same-origin"

The 4th allowed value for html5 iframe sandbox is allow-top-navigation, which
allows a script to do window.top.location.href = '<http://google.com> and
redirect someone like me.

------
phreeza
Warning, people are posting NSFW and potentially malicious stuff in the
colaborative area linked to from the post.

As usual, as soon as HNers are no longer on HN proper, the inner troll comes
out.

------
Imagenuity
This needs to override JavaScript commands to keep it from malicious use. For
example, to override alert() do this:

    
    
      (function()
      {
        var proxied = window.alert;
        window.alert = function()
        {
          // replacement code here
          // call original function:
          proxied.apply(this, arguments);
        };
      })();

~~~
faul_sname
When I redefined alert to return false, it crashed Chrome pretty bad (note: I
am not the owner).

If someone really feels like policing it, they can delete the iframe element
(in FF, chrome, or opera) and just have access to the editor panes (which
means no alerts, redirects, or other nastiness). I'm sure someone can figure
out how to write a javascript snippet that will post some text that has been
cleaned of all instances of "window.location", "alert", and probably "while".
(I would do it myself, but it's 1am here).

~~~
Imagenuity
I put in return false; and it did nothing (using Chrome v22.0.1229.56 beta-m).
You wouldn't want to return false anyways, alert is not defined as returning a
value (see: <https://developer.mozilla.org/en-US/docs/DOM/window.alert>)

If you want to see what arguments are being passed, add a
console.dir(arguments); to the code.

------
hbz
It would probably be a huge security risk just to visit the demo page if
people weren't constantly pasting over each other with "MY PENIS" in
HTML/CSS/JS

edit2- No proof of any security risks, not like I tried any

~~~
Bockit
I don't recommend anyone visiting the demo page at work, it's not just the
word "penis" getting spammed.

------
gradys
I would recommend doing something about the demo page. It is going to give
people a bad first impression of the tool even if it is awesome.

Maybe either turn off collaboration (which would greatly detract from the
value of the demo, I know), or limit things like linking to outside images,
Javascript alerts, and more malicious things. With how often everything gets
overwritten, it's not as though anyone is going to be able to do anything
complex that requires any of those things anyway.

------
jsilence
Too sad your site is beeing vandalized. Please resubmit when the trolls have
moved on.

------
jvdh
Really, Comic Sans to promote your website authoring tool, really?

~~~
jvm
You didn't get the memo? Comic Sans is ironically cool now. It was the memo
with subject line: geocities is the new Tumblr.

~~~
hkmurakami
I was reading a 2chan thread earlier today about video game related sites with
absurd amounts of detailed research about the game (ROM level information,
random number table information, etc), and a surprising number of them were on
geocities.

------
return13
Not really a new invention - see 'etherpad-lite' (also opensource) Just with a
little work, it would do the same...

But nice to see how all the trolls play... Maybe this is a real good idea... A
contest battelfield for trolls... (as a game)

------
steve8708
My god, visit the site, it is a shit show, but its kinda fun

Some highlights:

window.top.location.href = '<http://www.troll.com>;

function troll() { alert('troll'); troll(); } troll();

~~~
steve8708
And the ascii art and canvas effects people are busting out are pretty
hilarious

~~~
hbz
NSFW <http://i.imgur.com/RV7na.png>

I was just observing, didn't know I was stumbling on a live canvas when I
clicked the link :)

~~~
emp_
I was actually testing if they had the iframes coming from a cross domain,
which were so our ability to explode the thing is much smaller.

Poor are those who have no way to block alerts tho.

------
madrona
Pass the eye bleach. I don't know what STD that was, but my god, you people...

~~~
TeMPOraL
After that it's more like PTSD.

------
petercooper
Random thought: Imagine if you could see comments on sites like HN being typed
live (and the effects that would have on discussion).

~~~
emp_
Reminds of ICQ group chats back in the day.

    
    
      You're absolu
      You're absolutely wro     (backspaces start)
      You
      I respectfully disagree
    

Fun days.

EDIT: better dummy conversation

~~~
StavrosK
Oh man, that was a fantastic feature! That takes me back...

------
egeozcan
Geek trolls! The most dangerous kind! This became so hilarious I couldn't keep
myself from laughing out loud in my workplace.

------
chase46
Is there anything similar to this that doesn't require registration?

I'd love to use this for teaching HTML but I can't ask my hundreds of teenage
students to all create accounts...

Collaborative isn't a must, anything with syntax highlighting and real-time
previews will do.

~~~
binarydreams
First of all, registering takes few seconds with twitter/github.

Secondly, it's not a must. Only you can register and share the collaboration
URL with your 100s of students.

They can collaborate if they want to, or you can teach them in "Teacher Mode"
- registration is _not_ a must!

Hope that clarifies your doubts :)

------
Johnyma22
Enjoy Etherpad at <http://beta.etherpad.org> and download it at
<http://etherpad.org> :)

------
gbadman
Similar feature has been on Plunker (<http://plnkr.co/edit/?p=streamer>) for a
while now though, perhaps, with less polish.

------
lukeholder
WARNING... currently NSFW

------
ReidZB
Warning: graphic/gore images (not to mention irritating JavaScript alerts,
etc) on the demo page. I would highly recommend avoiding it.

------
binarydreams
I think I'll do HTML/CSS/JS sessions (classes?) on this platform. If you wanna
get in touch email me hello[at]cssdeck.com :)

------
reubenpressman
Just like <http://dump.fm> only for hackers! Could be pretty awesome!!!

------
mforsberg
Really nice; I think it will be great for collaborations although the troll
environment was quite hectic.

------
itsbits
Awesome and creative but how is it useful???...people already going crazy out
there..

~~~
binarydreams
If you actually create your own item and share with friends over the internet,
there won't be such trolls available then. :P

------
devinrhode2
It's an absolute shame what's happening on your demo right now. This is bad.

------
genu1
WOW, that is tremendously effed.

------
SwearWord
This is hilarious.

------
martindale
This is Internet gold.

------
init0
Deserves an up-vote!

~~~
daeken
When you comment on a story, ask yourself this question: does my comment add
value to the thread? If the answer isn't a definite "yes", consider modifying
it until it does, or scrap it all together. It'll help keep the value of the
conversation high.

