Just found a site that uses GWT!

7 views
Skip to first unread message

TheB...@gmail.com

unread,
May 2, 2008, 2:20:42 PM5/2/08
to Google Web Toolkit
http://play.typeracer.com/

typing game. it uses gwt.

TheB...@gmail.com

unread,
May 2, 2008, 6:11:46 PM5/2/08
to Google Web Toolkit
I realized gwt makes exploting javascript complied by gwt is a lot
harder.

in sites that is written with normal javascript it is easy to exploit
when it is javascript games.

for gwt what makes it hard to exploit is the source code of the js is
not easy to read at all.

for example sudukocraving i could make a javascript script that can
solve the puzzle and inject it into the website using
javascript:void()

for the typeracer site I figure out how to get the input box however
when I fill in the word I could not figure out the function that looks
at key press event and do the function after.

For sites that was written in js normally it would be easy to read and
I could just call checkWord() or something.

Also for sites that uses js to kind of make html not readable those
are easy to bypass just by calling the uncompressed output and
alerting it.


So gwt makes javascript hacking a lot harder :)

paulss...@gmail.com

unread,
May 9, 2008, 12:18:05 PM5/9/08
to Google Web Toolkit
If the js is written by someone else using GWT and is therefore
obfuscated then good luck!

But if you're writing your own GWT app and you know you're going to
want to hook into it using javascript for whatever reason... not sure
why you would... but you should use GWT's JSNI which is a way of
getting the GWT compiler to output some handwritten js code. This is
handy for primitive implemenations for things like js to flash
bridges, etc (although I'm working on a GWT wrapper for the entire
actionscript language if anyone is interested?)

Joseph N. Hall

unread,
May 9, 2008, 6:43:19 PM5/9/08
to Google Web Toolkit
TypeRacer was hacked a number of times (1000 words per minute?) but
the author has fixed most of those opportunities.

It's a pretty nifty application.

Still, you always have the option to mess with the RPC.

Axel Kittenberger

unread,
May 10, 2008, 5:51:37 AM5/10/08
to Google Web Toolkit
Any client is hackable that is not a 2D sequential images displayer
from the server...

Alex Lam S.L.

unread,
May 10, 2008, 6:55:30 PM5/10/08
to Google-We...@googlegroups.com
Doesn't seem to work under IE8...

Alex.

Reply all
Reply to author
Forward
0 new messages