HamzaMath #1702
HamzaMath #1702
Conversation
some math blocks for calculators
|
You cant use eval, its dangerous and can run JS code. Also, the calculate blocks are useless as you can use the "abs" block from operators. You could just add the other blocks to the Math extension |
|
Oh yeeeah a message popping on your screen to simply say something is
sooooo dangerous. Sooooo many bad things could happen. It deeefinetely be
such a catastrophe.
…On Thu, Oct 3, 2024, 8:18 PM SharkPool ***@***.***> wrote:
You cant use eval, its dangerous and can run JS code.
alert("see what I mean?")
Also, the calculate blocks are useless as you can use the "abs" block from
operators. You could just add the other blocks to the Math extension
—
Reply to this email directly, view it on GitHub
<#1702 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ANYWUKLD3ED7SEAPDQOBWXTZZXUGHAVCNFSM6AAAAABO6XO4G2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGOJSGYYDCMJUGE>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
You can run any script in JavaScript. It's an example. In reality you can download dangerous files or worse |
|
@Drago-Cuven now you're real silent |
| @@ -0,0 +1,178 @@ | |||
| (function() { | |||
There was a problem hiding this comment.
should be:
(function(Scratch) {
"use strict";| @@ -0,0 +1,178 @@ | |||
| (function() { | |||
| const extension = { | |||
There was a problem hiding this comment.
your extension needs to be wrapped in a class, and its block functions
There was a problem hiding this comment.
actually any object is fine lol
| } | ||
| }; | ||
|
|
||
| Scratch.extensions.register(extension); |
There was a problem hiding this comment.
should be
Scratch.extensions.register(new SPAddedMotion());
})(Scratch);| try { | ||
| const result = eval(args.EXPRESSION); | ||
| return result; | ||
| } catch (error) { | ||
| return 'Error'; // Return error message for invalid expression | ||
| } |
There was a problem hiding this comment.
You should never be using eval like this. People will be able to run any javascript code, which is dangerous
some math blocks for calculators