Wetbikeboy2500 / Resurgence

This aims to fix and enhance the Scratch website
MIT License

Do NOT use CSRF tokens #38

Open ZenithRogue opened 6 years ago

ZenithRogue commented 6 years ago

Hey hey hey, you really shouldn't be accessing people's csrf tokens. This violates TOS in so many ways. If you plan on using this for any sort of data saving, please stop and find another way. You might want to host something with Heroku

Wetbikeboy2500 commented 6 years ago

This userscript has been accessing people's csrf token since I first made it, because that is what needs to be sent to get a user's project. The csrf token is only ever used to make the api requests valid so I can use certain api calls. The code to save to a cloud is actually all there. It uses a system that saves a message property into a default scratch project. This data can then be retrieved and used by just using the api to get a project's json. It is a cloud-based system that uses scratch's own servers and never sends user data out to other sites, which is the biggest thing. The biggest security issue would be from Scratch's own security. I'm just utilizing the api they have. There is also some other stuff I found out when looking at the api . . .