The Powder Toy

Forum API lets you see removed comments!

  • boxmein     9th Feb 2015 Former Staff 0 Permalink
    Hi!

    Playing around with the forum JSON APIs (just replace .html with .json in the address bar, you'll see), I discovered that listing a forum thread page will also contain the post texts that have been removed by moderators (whether useless or offensive or just giant images of cats). Whether or not it's for the better, I don't know, but here's a quick way to show forum comments that have been removed by moderators!
    https://gist.github.com/boxmein/06651fcb0e9503924ba9

    After installing this script, simply double-click any removed (red alert box) comment to show its original contents!
    ~boxmein

    edit 1: Here's a bit more detail.

    See this page here, it has three removed posts, all labelled useless.
    Here's what the equivalent API request will return - see how the highlighted lines still contain the actual post inside them.

    ...that's about it?



    edit 2: removed as in this:
    image
    Edited 6 times by boxmein. Last: 10th Feb 2015
  • jacob1     10th Feb 2015 Developer 0 Permalink
    Yes this has been known for a long time, removed posts were always visible from the .json or from the post search page. But that second page was replaced a few months ago, leaving the .json as the only way. This is for a good reason, if I want people to be able to see the posts I hide I "hide" them, if not I "remove" them. Usually I remove posts that either really break the rules, or posts that are just made for karma (not constructive / spam). Either way, you probably don't want to see the post.

    Basically, you shouldn't have made this userscript :|, or at least not randomly advertised it here.
    Edited 2 times by jacob1. Last: 10th Feb 2015
  • NF     10th Feb 2015 Member 0 Permalink

    @jacob1 (View Post)

    I thought he asked if you could see hidden comments :p. Yes you can, see hidden comments boxmein .

  • boxmein     10th Feb 2015 Former Staff 0 Permalink
    image
    I'll make it clear again: this is what I mean by removed comments.

    @jacob1
    Also, about whether I should've made this userscript - I don't see anything overly dramatic about it existing. The only comments I've witnessed being removed are either giant pictures or random gibberish, so nothing I would deem dangerous were it revealed once more.

    Other than that, the userscript isn't particularly easy to set up. Also, the security hole exists (and apparently, people are aware of it) whether or not this userscript allows you to utilize it or not. People using the JSON will have found it already.

    I will however admit I could've contacted @Ximon and told him to patch it (or choose not to) before releasing the script, so there is that.

    Edited once by boxmein. Last: 10th Feb 2015
You need to login before you can post replies
Locked by jacob1: i'm locking this thread and nobody will ever know!