Discuss Scratch
- Discussion Forums
- » Advanced Topics
- » Custom project page colors/styles in ordinary scratch (plus more things)
![[RSS Feed]](//cdn.scratch.mit.edu/scratchr2/static/__d235e7f35585482ca999583499337ccd__//djangobb_forum/img/feed-icon-small.png "[RSS Feed]")
![[RSS Feed]](http://cdn.scratch.mit.edu/scratchr2/static/__d235e7f35585482ca999583499337ccd__//djangobb_forum/img/feed-icon-small.png "[RSS Feed]"){kind=icon}
- mali3000
-
Scratcher
1000+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
it still works right now but they will eventuallyaw so they probably fixing the CSS exploit.sniphttps://github.com/scratchfoundation/scratch-editor/pull/567Can you quote the text on there? Github is blocked rn
- STebBerry
-
Scratcher
100+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
i think they're trying to fix it, but at the moment it's not patched. my chatroom still has custom styling
- ScodexPerson
-
Scratcher
1000+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
Proof from Paddle2See that they're fixing it(?): https://scratch.mit.edu/discuss/topic/883932/?page=1#post-9177434
Thanks - it's a known issue with CSS. I don't have an estimate on when it will be fixed but I believe it's harmless.
Last edited by ScodexPerson (May 15, 2026 16:45:28)
- fortyonegames
-
Scratcher
100+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
Proof from Paddle2See thatthis is why paddle2see is best scratch team memberthey're fixing it(?): https://scratch.mit.edu/discuss/topic/883932/?page=1#post-9177434
Thanks - it's a known issue with CSS. I don't have an estimate on when it will be fixed but I believe it's harmless.
Last edited by fortyonegames (May 15, 2026 17:53:08)
- fortyonegames
-
Scratcher
100+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
just found another scratch breaking bug 
- blessingj100
-
Scratcher
1000+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
just found another scratch breaking bugOk… What is it?
- fortyonegames
-
Scratcher
100+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
just found another scratch breaking bugOk… What is it?
im reporting it to the ST but it involves injecting XML into a certain part of the project
- JamesTheScratcherBoy
-
Scratcher
100+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
THE TUTORIAL GOT TAKEN DOWN 
- blessingj100
-
Scratcher
1000+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
THE TUTORIAL GOT TAKEN DOWNYeah, that was a while ago, it got re-uploaded with a new link I think a month or so ago: https://scratch.mit.edu/projects/1311303013/
- fortyonegames
-
Scratcher
100+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
bump
- Digitat321
-
Scratcher
25 posts
Custom project page colors/styles in ordinary scratch (plus more things)
Its like they always fix the issue with the SVG sanitisation without fixing the CSS exploit lol, (correct me if im wrong but this has happened before?) or something similar with ace or XSSaw so they probably fixing the CSS exploit.Resolveshttps://github.com/scratchfoundation/scratch-editor/pull/567Can you quote the text on there? Github is blocked rn
https://scratchfoundation.atlassian.net/browse/UEPR-231
Proposed ChangesReason for Changes
- Load SVGs into a sandboxed iframe for measurement vs directly into the DOM.
- Introduce a new function for removing malicious content from SVGs - canonicalizeSvgText
- TODO: Route all svg loads through canonicalizeSvgText - at the point of loadVector_
Currently we attempt to sanitize SVGs, but the approach is piecemeal. The biggest security issue in the current state is that we load SVGs directly into the DOM, which is an inherently unsafe operation.
Test Coverage
Added tests for sandboxing, canonicalization and measuring SVGs in a sandboxed environment.
Guess not. The ACE is gone.
- blessingj100
-
Scratcher
1000+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
Its like they always fix the issue with the SVG sanitisation without fixing the CSS exploit lol, (correct me if im wrong but this has happened before?) or something similar with ace or XSSYeah, well, that could come to an end. Along with fixing the XSS glitch, the Github pulls to fix it and ones related to the SVG sanitizer said that there was going to be an SVG sandbox to stop it from leaking out, and when it comes out in full, it could put an end to the majority of SVG exploits.
- fortyonegames
-
Scratcher
100+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
Bump
- fortyonegames
-
Scratcher
100+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
Bump
- Legon974
-
Scratcher
500+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
i emailed the Scratch Team and uuuuuh they said is fixed
- fortyonegames
-
Scratcher
100+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
i emailed the Scratch Team and uuuuuh they said is fixedthey fixed the security issue but the styling is the same
- blessingj100
-
Scratcher
1000+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
I can confirm, the custom styling on my test project remains unchanged.i emailed the Scratch Team and uuuuuh they said is fixedthey fixed the security issue but the styling is the same
- my_c00l_games
-
Scratcher
100+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
Isn't that good?I can confirm, the custom styling on my test project remains unchanged.i emailed the Scratch Team and uuuuuh they said is fixedthey fixed the security issue but the styling is the same
- medians
-
Scratcher
1000+ posts
Custom project page colors/styles in ordinary scratch (plus more things)
i emailed the Scratch Team and uuuuuh they said is fixedNoooo
I wonder if someone added 2.0 CSS LOL
Last edited by medians (May 22, 2026 15:33:45)
- 3pinkdragon
-
Scratcher
5 posts
Custom project page colors/styles in ordinary scratch (plus more things)
Bump
- Discussion Forums
- » Advanced Topics
-
» Custom project page colors/styles in ordinary scratch (plus more things)