24 days ago

@GarboMuffin just shared a blog post disclosing an XSS vulnerability found in the unmaintained "paper.js" (the vector rendering library used by Scratch and its forks).

The article is a list of mods (as I find) that are still vulnerable. Avoid using these.


  • Gandi IDE (Cocrea)

  • Creaticode

  • ScratchCE

Link to the blog post:

https://muffin.ink/blog/paperjs-xss/

Scratch General
TurboWarp General
Gandi IDE General
Unsandboxed General
13


2 comments

Loading...

Next up

i cant help it im having too much fun

You know in Scratch where there's a tiny bit of extra padding above the motion category, so if you scroll when the motion category is selected it nudges slightly higher?

I fixed that in the next update.

Useless Scratch facts # 7:

This single block (more specifically, the date input) increases Scratch-Blocks' overall size by about 60%.

This is because it has to call in a bunch of heavy dependencies to make it work. Thanks, Google.

The Scratch Team has just recently updated their Terms of Service yesterday, letting you know they now have full permission to use your content to train AI models.

ok i FINALLY finished dropsane teto

i think i still got it

Let's play a game! Can YOU help Sandy find her drums? 🤔💭

"It's finished" they said

Yo Codin House Office