Features from Scratch? about elemental HOT 52 CLOSED

Is it worth even including any sort of project sharing? It makes malicious projects a much bigger issue. :/

from elemental.

True, but I'm sure I can recruit people to be mods
Also, if they saved anything malicious, we could get in trouble anyways for hosting it although it's not on purpose

from elemental.

And that's when things start to get messy.
In your own words, "Just because we can doesn't mean we should."

from elemental.

Exactly. Should we even allow project saving on the server?

from elemental.

Yeah. I would allow that.

Do what Snap! does.

from elemental.

What does Snap! do? I've never used it.

from elemental.

Make an account, then you can save your projects online, but it's private to you.

from elemental.

Sounds good, though I'm still worried about bad uploads... :L

from elemental.

What do you mean by that?

from elemental.

Stuff I probably shouldn't mention, and it's better if you don't know about :/
I guess it's fine as long as the ToS covers our butts.

from elemental.

Hmm... I might know what you mean. :3

Implement banning of users/IPs.

from elemental.

It's not something you should be going ":3" about...
I can do bans pretty easily.

from elemental.

1. Then I probably don't know.

2. Awesome!

from elemental.

I would say that we should implement a simple forum.

from elemental.

1. And it's good that you don't. Trust me.
2. :D

@BookOwl DjangoBB shouldn't be too hard to set up (I think)

from elemental.

Good

from elemental.

I really really don't think we should handle this ourselves. How about some kind of "Share to CodePen" button, and let them handle the community aspects / moderation / etc. They have an api.

That way people can get feedback from an existing and active community of professional front-end designers as well.

https://blog.codepen.io/documentation/api/prefill/

from elemental.

Oh, that's cool! Didn't know that existed.

from elemental.

Me neither until I decided to google "codepen api" 😜

from elemental.

GG.
^{Good guess}

from elemental.

Should we let them log in to accounts still? They can link their account to a Codepen account.
Also - isn't CodePen for only SPAs? Not multiple pages?

from elemental.

Ah, true... One page only. :/

from elemental.

Upload each page as an individual codpen? Links work across pens I think

Will require some url-fudging though on links and I'm not sure I like that (plus it might be impossible)

Huh

from elemental.

Not a fan of that method, though I can't say I have a better one.

from elemental.

Yeah actually no, it's impossible. If page A links to page B and vice versa, they both need to know each other's urls.

Other options = faking links with JS, just plain disabling the codepen button on multi-page sites, not having an online community at all (lol), doing our own online community (and then get it hacked, heh), or providing basic anonymous-only sharing so there's no personal information we're being trusted with.

If we do our own community we'll need an anti-phishing feature prolly. I like how CodePen puts a little bar at the bottom in full-page view so they know it's a Pen and not a "real" website (random pen from the front page example http://codepen.io/russted/full/pJOPxO/ )

Ed: Sorry to be a debbie downer about all this community stuff, I'm just super paranoid

from elemental.

I don't think it'll get hacked that easily (django's pretty good), but I'm worried about uploads.

from elemental.

You don't think. And you're probably right.

But you might be wrong, and that would really suck.

from elemental.

Django's security is already built-in, unlike PHP in Gwiddle or x10 where you have to make your own security.

from elemental.

As long as there's 0% chance any typed code by a user can be executed on the server we're good right ?

from elemental.

Yup - Django cleans its queries, and I will never execute raw SQL.
Social engineering isn't something anybody can stop, though.

from elemental.

If it's inapropriate images, how about only running images that are links to trusted img-sharing sources (dunno which ones)

from elemental.

tinypic and cubeupload only?
Or are there any others?

from elemental.

https://www.youtube.com/watch?v=WzKKjJuujSs

from elemental.

tinypic and cubeupload it is.

from elemental.

Kk!

from elemental.

Swear filtering would have to be hashed so people from Scratch who might look at the code don't see a list :P

from elemental.

oh yeah dang it
who knows the most swear words?
xD

we should probably just find a pip package for it - I don't think we care if they make their own site unshared with whatever they want, but it should be filtered before sharing.

from elemental.

I dunno. I know a few, but I have a family computer and I don't know if it's keylogged soooo

from elemental.

there's probably a library that'll do that for us :P

from elemental.

I hope so.

from elemental.

Yep!

from elemental.

Moderation is why I haven't made a website :P

from elemental.

"Is it worth even including any sort of project sharing? It makes malicious projects a much bigger issue. :/" - Me, four hours ago

from elemental.

"Make an account, then you can save your projects online, but it's private to you."

• You, four hours ago

We could manually approve users to share projects...

from elemental.

Uh-huh! I think some other sites do that. (pj, check your scratch messages!)

from elemental.

@Firedrake969 I forgot about that... Man, I have really good ideas.

from elemental.

xD

from elemental.

If you embed each page of the site within a script element (of type "text/html"), then it's pretty natural to do some JavaScript fiddling to fit a site on one codepen link...

Probably ugly tho

from elemental.

Ew.

from elemental.

Probably?

from elemental.

I'm interested in it...
But doesn't mean it's probably going to be hard to implement and ugly :P

from elemental.

haha

from elemental.