Platform development

Author: DebateArt.com

Posts

Pinned
Total: 1,735
RationalMadman
RationalMadman's avatar
Debates: 574
Posts: 19,931
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
If you create an iframe, your site becomes vulnerable to cross-site attacks.

  • You may get a submittable malicious web form, phishing your users' personal data.
  • A malicious user can run a plug-in.
  • A malicious user can change the source site URL.
  • A malicious user can hijack your users' clicks.
  • A malicious user can hijack your users' keystrokes.
Steer clear of using the iframe tag. Don't put your visitors at risk to the XSS attacks.
DebateArt.com
DebateArt.com's avatar
Debates: 0
Posts: 1,403
3
3
8
DebateArt.com's avatar
DebateArt.com
3
3
8
-->
@RationalMadman
@Wylted
Thanks RM. So basically yeah, it brings some nasty things on the table and I just feel safer to have it blocked.
Wylted
Wylted's avatar
Debates: 34
Posts: 5,754
3
4
11
Wylted's avatar
Wylted
3
4
11
-->
@DebateArt.com
I don't understand completely. The page we are on, you include an iframe tag. Why is it safe for you to use? Or is it just unsafe when outside users use it on your site?
DebateArt.com
DebateArt.com's avatar
Debates: 0
Posts: 1,403
3
3
8
DebateArt.com's avatar
DebateArt.com
3
3
8
-->
@Wylted
So the iframe that you are talking about is probably the one created for the text editor and it is safe because it renders the content from this website, not from any external source. This is just a trick for the rich text editors, most of them use iframes for that. But when the website can be loaded through an iframe on the other website, that may cause some issues.

A quick example of some nasty thing that could be done using Iframe:

Potentially, a malicious site could load your site as a full-page iframe and make it seem like they're actually visiting your site, say your login page. In front of this iframe they will overlay an invisible form, with a text field in front of both your site's username and password field. When an unsuspecting user tries to log in to your site, they'll actually be filling out this malicious form and sending their login credentials to the malicious site

RationalMadman
RationalMadman's avatar
Debates: 574
Posts: 19,931
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
-->
@DebateArt.com
tin foil hat wearers give you some of the best advice in life.
Wylted
Wylted's avatar
Debates: 34
Posts: 5,754
3
4
11
Wylted's avatar
Wylted
3
4
11
-->
@DebateArt.com
Thank you. I appreciate that. Now tell me how you learned vanilla javascript and how long it took. I have been doing it a month and don't know shit
DebateArt.com
DebateArt.com's avatar
Debates: 0
Posts: 1,403
3
3
8
DebateArt.com's avatar
DebateArt.com
3
3
8
-->
@Wylted
Javascript is a piece of crap and it takes some time to learn all of its gotchas. These days I'd suggest that you learn Typescript instead and then just compile it to Javascript, Typescript solves some issues and types are super useful too. But it's worth pointing out that if you didn't have any programming experience before, it doesn't matter what language you're gonna learn, it's gonna take a while. And it doesn't even stop when you learn how to use the language, there are so many other things that you need to know. So don't worry, take your time and enjoy the journey. The best way to learn something, at least for me, is to have an idea of what you want to implement and start working on that, it may be some simple mobile app or a website, doesn't matter, just something that would be interesting for you. That's how I came up with an idea for this website :) Learning for the sake of learning is not a great idea in my opinion.
A-R-O-S-E
A-R-O-S-E's avatar
Debates: 0
Posts: 682
2
2
6
A-R-O-S-E's avatar
A-R-O-S-E
2
2
6
-->
@DebateArt.com
Oii, don't talk shit about javascript
A-R-O-S-E
A-R-O-S-E's avatar
Debates: 0
Posts: 682
2
2
6
A-R-O-S-E's avatar
A-R-O-S-E
2
2
6
-->
@Wylted
Need JS help? I'll help a dude out so it's not rEEEEEEEEEEEEEEEEEEE for months like me
Wylted
Wylted's avatar
Debates: 34
Posts: 5,754
3
4
11
Wylted's avatar
Wylted
3
4
11
-->
@DebateArt.com
Thanks
Wylted
Wylted's avatar
Debates: 34
Posts: 5,754
3
4
11
Wylted's avatar
Wylted
3
4
11
-->
@A-R-O-S-E
Thank you. 
DebateArt.com
DebateArt.com's avatar
Debates: 0
Posts: 1,403
3
3
8
DebateArt.com's avatar
DebateArt.com
3
3
8
-->
@A-R-O-S-E
Oii, don't talk shit about javascript
Javascript is crap, sorry mate. It can't even sort array properly ->

[7, -4, 4, -1].sort() -> [-1, -4, 4, 7]


A-R-O-S-E
A-R-O-S-E's avatar
Debates: 0
Posts: 682
2
2
6
A-R-O-S-E's avatar
A-R-O-S-E
2
2
6
-->
@DebateArt.com
Lol, I know you're just kidding
DebateArt.com
DebateArt.com's avatar
Debates: 0
Posts: 1,403
3
3
8
DebateArt.com's avatar
DebateArt.com
3
3
8
-->
@A-R-O-S-E
Haha I wish ... :/
Vader
Vader's avatar
Debates: 30
Posts: 14,984
5
8
11
Vader's avatar
Vader
5
8
11
-->
@DebateArt.com
Please insert a picture of an unicorn or Marco Diaz at the home opener I want this to be pretty
A-R-O-S-E
A-R-O-S-E's avatar
Debates: 0
Posts: 682
2
2
6
A-R-O-S-E's avatar
A-R-O-S-E
2
2
6
-->
@DebateArt.com
Can there be an option to not auto-sub to forum threads you make?
TheRealNihilist
TheRealNihilist's avatar
Debates: 44
Posts: 4,920
4
9
11
TheRealNihilist's avatar
TheRealNihilist
4
9
11
-->
@DebateArt.com
Dark mode please. My eyes.
DebateArt.com
DebateArt.com's avatar
Debates: 0
Posts: 1,403
3
3
8
DebateArt.com's avatar
DebateArt.com
3
3
8
-->
@A-R-O-S-E
Can there be an option to not auto-sub to forum threads you make?
Probably, but there'd have to be a separate section for the preferences like that and that would take a while, so I think I will implement it but probably not before some more important things :/

DebateArt.com
DebateArt.com's avatar
Debates: 0
Posts: 1,403
3
3
8
DebateArt.com's avatar
DebateArt.com
3
3
8
-->
@TheRealNihilist
I think there are browser extensions that somehow add dark modes to the websites, check them out, maybe they'd be useful.
RationalMadman
RationalMadman's avatar
Debates: 574
Posts: 19,931
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
to handle light mode on sites without it hurting as much see here:


also turn the default app size to around 125% or whatever your computer offers, it is my personal opinion that all default icons and proportions are basically 80% of the size that they should be for a proper relaxing experience. Again, there's no substitute for glasses, ask the optician for antiglare if they don't offer it (in this day and age they should always ask if you spend a lot of time in front of a screen). If you don't need glasses, all my solutions will work for you, guaranteed. Try playing around with text size a little but don't mess around with the text contrast, imo. 

If using a phone, similar techniques work but on a phone I suggest truly increasing default font to largest and even making colours more pronounced (but not the most extreme vibrance, that will strain your eye differently).

RationalMadman
RationalMadman's avatar
Debates: 574
Posts: 19,931
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
If you want to have a dark mode on sites, 'dark reader' is the most trusted one. Do note they are always problematic as to alter your screen to dark, they need to record every single piece of text that they then turn white or whatever you customise it to, so I personally will never ever get this addon/extension type as it's not like adblock where they promise that they discard anything that isn't inside and 'ad frame' as soon as they 'read it', same with VPNs and such. Screen alterers are very dangerous business and it's why no browser in its right mind will allow a 'theme' to alter your general site display, it's simply too large a security threat. They know many naive users would go for a theme they find appealing and not realise what they're signing up for, that's why both Chrome and Firefox (and basically all browsers) have made it so that to alter the display of websites, you either need to do it on your actual control panel on your computer or agree to the terms and conditions of an additional addon that explicitly is for that and states what it reads and alters, in order to achieve that appearance.

This is the dark theme that is most trusted in terms of street cred:

Firefox (works on Android browser as well as computers, not sure about iPhone and never will care): https://addons.mozilla.org/en-GB/firefox/addon/darkreader/

RationalMadman
RationalMadman's avatar
Debates: 574
Posts: 19,931
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11

it promises that it doesn't store, but it definitely reads every word on the page as it goes along and has to temporarily fully store it in some capacity to alter it and present it back to you.
TheRealNihilist
TheRealNihilist's avatar
Debates: 44
Posts: 4,920
4
9
11
TheRealNihilist's avatar
TheRealNihilist
4
9
11
-->
@DebateArt.com

It doesn't work.

I have tried it on another site and it works like with Google.


Edit:

It actually works. At the moment I posted this. The page refreshed and it changed. Woo. Now I ain't seeing the blue and orange and white of the site.

The site's previous look  does flicker before it changes so people might have seizures or something. 


Used this one and the aesthetics look better but the previous look does flicker.

Any chance of a dark mode added to DA?  
RationalMadman
RationalMadman's avatar
Debates: 574
Posts: 19,931
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
That is much less trustworthy and less good too.
TheRealNihilist
TheRealNihilist's avatar
Debates: 44
Posts: 4,920
4
9
11
TheRealNihilist's avatar
TheRealNihilist
4
9
11
-->
@DebateArt.com
I think there are browser extensions that somehow add dark modes to the websites, check them out, maybe they'd be useful.
How about one on this website? 

An external dark mode does cause a flicker every single change in the website. This can be that I refresh the page or click on something that moves me to a different section of the website. The flicker is what the website looked like before the dark modes turns on. This of course is not good because I am getting constant white flickering when moving pages. I think the impact would be worse than simply not using it at all.
A-R-O-S-E
A-R-O-S-E's avatar
Debates: 0
Posts: 682
2
2
6
A-R-O-S-E's avatar
A-R-O-S-E
2
2
6
-->
@DebateArt.com
Next suggestion, recruit a bunch of us to turn this thread into bullet points, so many!
lol
RationalMadman
RationalMadman's avatar
Debates: 574
Posts: 19,931
10
11
11
RationalMadman's avatar
RationalMadman
10
11
11
-->
@A-R-O-S-E
He actually did that. Myself and Ramshutu were the most helpful towards the cause. I quit due to both rivalry with Ramshutu and extreme fury with laziness on the part of Bsh1 with making MEEPs or helping us move anything forward at all.

A lot of the last 10-20 updates of the website minor and major have been due to our work on a platform named Trello. If you mean to help you, the user, see it, then that's a separate thing and I may understand why you'd want people to know what's already been suggested perhaps by editing the OP in some kind of 'progress-made' sense.
A-R-O-S-E
A-R-O-S-E's avatar
Debates: 0
Posts: 682
2
2
6
A-R-O-S-E's avatar
A-R-O-S-E
2
2
6
-->
@RationalMadman
Cool, I just could see how it would be hard to keep track of it all
TheRealNihilist
TheRealNihilist's avatar
Debates: 44
Posts: 4,920
4
9
11
TheRealNihilist's avatar
TheRealNihilist
4
9
11
-->
@DebateArt.com
If a user is banned can I not add them as a receiver?
DebateArt.com
DebateArt.com's avatar
Debates: 0
Posts: 1,403
3
3
8
DebateArt.com's avatar
DebateArt.com
3
3
8
-->
@TheRealNihilist
Nope