sporeproject / spore-frontend
Home Page: https://spore.earth
I was thinking it would be interesting to have an interactive gallery on the new website, made in Unity, where you can browse all the live NFTs in a mushroomy cave or something; this obviously needs to be developed further. I can personally start the development in a new repo and others could join in if interested.
Let me know what you think!
Your Discord URL in the README is invalid.
I PASSED MY SPORES TO AVAX TO GET GROW,
BUT I CAN'T SEE ALL OF THEM AND I DON'T KNOW HOW TO GET THEM ALL BACK INTO MY WALLET.
THANKS
npm install doesn't work because react-lottie requires React 16 tops, and the project is using React 17. Lottie is working on their version 3, but until then it doesn't seem possible to make it work other than with the --force flag, which is not ideal.
Host: https://spore.earth/
Weakness: Clickjacking
Severity: Medium
DESCRIPTION:
Clickjacking is a portmanteau of two words, ‘click’ and ‘hijacking’. It refers to hijacking a user's click for malicious intent. In it, an attacker embeds the vulnerable site in a transparent iframe in the attacker's own website and overlays it with objects such as buttons using CSS skills. This tricks users into performing unintended actions on vulnerable websites, thinking they are doing those on the attacker's website. Clickjacking is also known as a "UI redress attack".
IMPACT:
Users are tricked into performing all sorts of unintended actions such as typing in the password, clicking on ‘Delete my account’ button, liking a post, deleting a post, commenting on a blog. In other words all the actions that a normal user can do on a legitimate website can be done using clickjacking.
STEPS TO REPRODUCE:
Edit the src attribute of the iframe tag. Change its url to your target site and save the file.
Launch the file in browser.
Observe that the website is getting embedded in an Iframe.
MITIGATION:
In order to fix the issue, we must know the underlying reason that is causing the issue. Clickjacking is caused by allowing a third-party website to embed the vulnerable site in an iframe. Disallowing this can be done by setting HTTP headers that direct the browser to not allow the target website to be iframed. This can be done by configuring the server to send the following two response headers: X-Frame-Options and Content-Security-Policy. Implement any one of the below based on your business requirements:
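Added example, not part of the original report or the project's code: the strictest values for the two headers named in the mitigation, plus a JavaScript check that classifies a response's framing policy the way current browsers apply it. The names STRICT_HEADERS, frameAncestors and framingPolicy are hypothetical, and the check assumes lower-cased header names and a single policy per header.

```javascript
// Added example: classify a response's anti-framing headers.
// Assumes lower-cased header names (as Node's http module provides them)
// and one policy per header value.

// Headers a server sends to forbid all framing (the strictest choice).
const STRICT_HEADERS = {
  'content-security-policy': "frame-ancestors 'none'",
  'x-frame-options': 'DENY',
};

// Return the source list of the frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const directive of String(csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function framingPolicy(headers) {
  // Only the enforcing header counts; Content-Security-Policy-Report-Only blocks nothing.
  const sources = frameAncestors(headers['content-security-policy']);
  if (sources !== null) {
    // When frame-ancestors is present, browsers that support it ignore X-Frame-Options.
    const lower = sources.map(s => s.toLowerCase());
    // An empty source list matches nothing, the same as 'none'.
    if (lower.length === 0 || lower.join(' ') === "'none'") return 'deny';
    // A wildcard or a bare scheme lets essentially any site frame the page.
    if (lower.some(s => s === '*' || /^https?:$/.test(s))) return 'unprotected';
    return lower.every(s => s === "'self'") ? 'same-origin' : 'allow-list';
  }
  // Fallback for browsers without frame-ancestors support.
  const xfo = String(headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  // ALLOW-FROM is obsolete and ignored by current browsers; any other value
  // is reported as unprotected so that it gets reviewed.
  return 'unprotected';
}
```

A result of 'allow-list' means the policy names specific origins, which should be reviewed against the sites that are actually expected to embed the page.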
You lack both formatting tools and linting to keep consistency. Sometimes you use single quotes, sometimes double. Sometimes you end lines with a semicolon, sometimes you don't.
I would recommend adding Prettier for formatting and ESLint for linting the TypeScript. Is that something that would interest you? I could make that happen. But a fair warning - the PR would involve lots of code changes and I would recommend that you test all functionality afterwards.
If you are interested we also need to discuss the formatting rules.
For example:
{
"tabWidth": 2,
"printWidth": 80,
"trailingComma": "none",
"arrowParens": "avoid"
}