Snap! version 6.9 and the JavaScript Function block

Sure.

What if a moderator was to work for free? Like they didn't want to get paid they just wanted to moderate?

As Shoshana Zuboff pointed out, Google quietly retired that slogan as soon as they started tracking user preferences to sell targeted ads.

Yes, I was referring to before it was retired, and the fact that it was there in the first place.

The plan for libraries is that we'll include their essential JS functions in Snap! itself, and have a CALL HIDDEN PRIMITIVE block (probably with a shorter name) that has a dropdown input with a list of those functions plus a variadic input for whatever inputs the primitive needs. So, no, libraries can't run unconstrained JS code either.

We'll have to make sure these functions don't have stupid buffer overrun bugs and that sort of thing, of course, but it's still a finite set of functions to worry about.

Gotta go, y'all, I have a meeting...

Whitelisted hashes of JS body will be a one evening exercise but the whole rewrite may be harder than it looks. Control structures libraries are probably sensitive to booth JS and Snap! execution context.

If I understand correctly, in a project that contains 30 sprites with multiple blocks, I will have to search all the blocks, one by one, to find the blocks that contain javascript, and evaluate the code to see if this code is malicious?

Even the blocks in the libraries contain javascript!

ooh the possibilities! 10% of say or ask blocks present branded content instead -- bh and Jens will be rollin in the scratch! <-- lol unintended pun I swear

Wait there is no way that's true lol. Isn't that against policy?

I'm not saying what is, I'm joking what could be :money_mouth_face: :money_with_wings: :moneybag:

Not after we implement the hidden primitive thing.

No, because if we saved that in the project, the bad guy could just enable it for you!

Okay, I think we're done talking about this. I'm gonna close the topic.

Bottom line: You have to explicitly allow a project to use JS; we will soon have a solution for official libraries that doesn't use the JS Function block.