My Projects in a Project

Please see the project. I worked very hard on it especially on animations and pen.

Ping: @joecooldoo

Huh, uh let me redo link.

Why did you ping me?

To show you.

Oh ok.

What do you think of the project?

I mean, its just a projects with projects inside of them, You can just view your public page and already see these things, so... Its neat, but I don't see a purpose for it.

I did it cause I had time. I am starting to like animations in Snap! so I might work on them a bit more in the future.

dang I was gonna do something like that!

Ok?

I found two problems with the JavaScript function in Open URL:

1. Not as important: it doesn't use the Open parameter.
2. Slightly more important: the block URL parameter is interjected into the code, so if a person put " in the input, the string ends and they can have it run arbitrary code.

Just don't put quotes in the input right?

But there’s no way to stop them from doing that.

I suppose. Maybe you could throw an error if it has quotes?

Or, better, instead of doing this,

[scratchblocks](call(JavaScript function $$[]@delInput@addInput$$ \{(join[doThing("](var)[");]@delInput@addInput::operators)}::operators)@addInput::control[/scratchblocks]
do this:

[scratchblocks](call(JavaScript function $$[var]@delInput@addInput$$ \{[doThing(var);]}::operators)with inputs(var)@delInput@addInput::control[/scratchblocks]

No, that won't work; do this:

[scratchblocks] (call (JavaScript function $$[v] @delInput @addInput$$ \{ [doThing(v);] \} :: operators) with inputs (var) @delInput @addInput :: control) //Assuming doThing has been declared as a function [/scratchblocks]

How is it different?