31 comments

[ 4.8 ms ] story [ 53.4 ms ] thread
Fantastic. I should have known better than to have loaded this at work. Thanks for citrus fruit party, mature peers.
Yeah, I should have put a warning somewhere. I was foolish not to expect that.
Redirects are still possible with the <meta> tag
That didn't take long for someone to break it.
Well that's just a mess.
So, people like to be destructive. That's pretty obvious.

I'd recommend creating a new pad with the button at the top if you really want to play around with it without any interruptions.

Shut this link down asap pls. On Safari, it completely takes over my browser (I was on a different tab when the page loaded and took over). Had to restart in order to get my browser back.

This is VERY annoying.

Same here. Had to restart a 4 hour download.
lol, it or someone on there sent me to google.com somehow.
I think this could really be fun and very useful if you have mature ethical adults on. You can try this one if you want http://jlongster.com:4007/noassholes
Best way to think of this would be like an interactive pastebin. The more people on one pad, the more useless it becomes. But for 2 people troubleshooting it would be great.
Oh my gosh, seriously. The global pad just turned into a bunch of lolcats and script kiddies.
perhaps if the starter of the pad can set a password that has to be entered the first time ESC is hit for that pad? sorry for the armchair feature requesting.. i think the idea has promise.
This would be great for interviewing front-end candidates. There's a few out there already that let you share code, however this lets everyone see the results instantly.
Yes! As I'm watching this unfold, I'm realizing that this would be great for asking XSS questions too.
How was this built? Seems like Meteor could be an option.
See the "about" link at the top. I used share.js [1], which is a great Operational Transform library, with the Ace Editor. With a little bit of js, I made the page auto-update with the contents.

share.js really made this easy.

[1] http://sharejs.org/

<SCRIPT>a=/XSS/ alert(a.source)</SCRIPT>

basic injection works, it doesnt properly screen input

Wooooow, it took me about 2 seconds to go from this is kinda cool I wonder how its built to giggling and spamming "PENIS". This is the best!
Something like this works: <img src="/derp.png" onerror="alert(1)" />
Isn't it fun building web apps nowadays?

The internet is unfortunately not kind to beginners. My sympathies.

I'd love to see this in action, though.

I would just like to thank the utter MORON who put the infinite while loop alert box. No option to close it, can't switch to other tabs. I had to restart a 4 hour download thanks to you.
now it redirects to 4chan /b/
As with most things in life, you can't control what morons are doing.

However, you can control how it affects you. For instance:

- Chrome asks you if you want to ignore dialog boxes after a couple ones pop. - There are excellent "Download managers" to let you start again if it crashes or to overall have a better control. - Lots of hackers disable javascript by default, and only enable it on trusted websites.