Skip to content
Sign upLog in
This post is read-only. Explore Repls and connect with other creators on Community.View Community
The info in this post might be out of date, check out our docs instead. View docs
146

Actual un-clickable button (for real this time)!

Baconman321
Baconman321

Disclaimer!

There always has been (and always will be) ways to bypass this since devtools is more powerful than JavaScript itself. Don't expect it to be actually "unclickable"!


After seeing

@invisibleOne
's post, I realized that there are soo many ways to bypass the "clicking" for his project.

I decided to take matters into my own hands and actually make my button "un-clickable". None of the methods described in invisibleone's post works now (not even mine)!

See if you can get this button >:)

Oh and BTW:

Calling the function or alerting the message that the function alerts is not counted as the solution. I can't stop liars, but if you find a way around it then please tell me.

People who have clicked the button (legitimately. Those who don't post their reasons or their reasons aren't valid (AKA: they aren't actually clicking it) won't get on the "leaderboard"):

  • Wilke000
  • 1andonlyaether
  • Codemonkey51
  • DSAEvan
  • darkdarcool
  • DrakeFletcher2

Ok so many people are doing it. Great guys!

I'm not going to add any more because so many people are doing it.

I am so proud of you replers! You are all such great critical thinkers!

Keep in mind guys that I can only do so much because most browsers give you more control over JavaScript than JavaScript itself...

Oh, wow

I have found and prevented at least 4 methods of clicking the button via cheats since I made this post:

  • Focusing the element using HTMLButtonElement.prototype.focus()
  • Mutating globalThis.requestAnimationFrame
  • Tabbing/editing the tab index
  • Modifying the size/position of the element (to make it stay in one place)
  • Right clicking

Ok guys

You now can't use window.alert :D

Ahh, yes. Now I can tell who actually clicked it and who didn't >:)

Yay, we got on trending!!!

Oh and guys... the message saying "lol nice try guys ;D" means you didn't get it.

Fixed the right click hack >:D

(Possibly) also fixed the right clicking address bar cheat :D (button will be disabled. You can click it, but no "You got me!")

Yoo guys, if the button is gray that is on purpose. It's disabled when the web page loses focus (to prevent the right click cheat... which still works ARGH).

You got me guys, I can't defend this button forever :(

2 years ago

Voters

Comments

TopNew
19
RyanShrey1
RyanShrey1

Very relevant...

image

2 years ago
1
Baconman321
Baconman321

@RyanShrey1
LOL!

SO TRUE!

Btw I love science as well...

2 years ago
1
robertoblong
robertoblong

xkcd. Very funny.

2 years ago
14
ChezCoder
ChezCoder

hm...
hm

if you wanted it to be unclickable that bad, just give the button the disabled attribute, <button disabled>Cant Click</button> and disable attribute changing.

HTMLElement.prototype.setAttribute = function() { alert("Sike Gottem"); }
2 years ago
1
sojs
sojs

this is very good.

@ChezCoder

2 years ago
1
1
1
Baconman321
Baconman321

@ChezCoder
Ok ez fix >:)

Btw glad to see you back buddy!

Oh, wait... it's already fixed because I froze HTMLButtonElement, so it should prevent setAttribute from being changed... oh wait I forgot to freeze the prototype! Thanks :)

2 years ago
1
Baconman321
Baconman321

@ChezCoder
And yea you could have the disabled attribute, but there is supposed to be a chance to click it without the obvious.

Also, alert won't work cuz it's inside a code block and is not in globals.

2 years ago
1
xxpertHacker
xxpertHacker

@ChezCoder
Lmao, HTMLElement#setAttribute actually looks up the prototype until it finds Element#setAttribute ;)

The bypass from there is simple:

Element.prototype.setAttribute.call(button);

JS cannot be sandboxed by itself, it's hell to try.

2 years ago
1
Baconman321
Baconman321

@xxpertHacker
Too, true.. too true.

Can't I delete setAttribute tho?

2 years ago
1
Baconman321
Baconman321

@xxpertHacker
Well, I mean.. imagine if you had even more control (over the client's computer) with JS... it would be a nightmare.

Someone thought they could prevent ending processes in NodeJS (or more or less they were kidding).

2 years ago
1
xxpertHacker
xxpertHacker

@Baconman321
I don't like NodeJS for a thousand reasons, among them, the execution of un-sandboxed JS, with higher privilege than browser JS.

Oh shoot, seems like that sounds like a perfect use case for Wasm though, since it's always safe.


Btw, you need SES in order to sandbox your button... otherwise, I could just assess a new Element from another window if I wanted to.

Actually, no, you just stright-up can't defend that button.

2 years ago
1
ChezCoder
ChezCoder

@Baconman321
ive been fumbling with it for a few minutes now and cant find anything, good job!

2 years ago
1
Baconman321
Baconman321

@ChezCoder
:D

My military strategies have worked well

2 years ago
1
TinyMooshmallow
TinyMooshmallow

@ChezCoder
Or you can use touchscreen

2 years ago
1
ChezCoder
ChezCoder

@Baconman321
make the repl disable the button if the user is on mobile, im sure you can find ways to detect this by searching google :)

2 years ago
1
Baconman321
Baconman321

@ChezCoder
mabe :)

This is kinda ded ngl.

2 years ago
5
HackingGo306
HackingGo306

I clicked it!

Edit: the button doesn't move unless you move your mouse first, so memorize where the button 'spawns' and move your cursor there. Then reload the page using a keyboard shortcut.

2 years ago
1
2
HackingGo306
HackingGo306

Noooo the zoom-in and then zoom-out strategy doesn't work anymore...

2 years ago
1
Plorzon
Plorzon

@HackingGo306

I used your stratigies to do it lolll

2 years ago
4
DrakeFletcher2
DrakeFletcher2

Got it! Go to the project page, hover cursor in the middle of the screen, scroll down, move cursor directly below button, scroll back up (without moving mouse) and click!

2 years ago
1
DrakeFletcher2
DrakeFletcher2

@DrakeFletcher2
Also, right-click method still works for me.

2 years ago
1
Baconman321
Baconman321

@DrakeFletcher2
Hm, try now. it shouldn't work...

I prevented context menu, so it shouldn't bring up the menu for anyone...

2 years ago
4
Codemonkey51
Codemonkey51

Hehehe I on iOS with no access to any js terminal have clicked the button ;)

image

2 years ago
1
Mrunank
Mrunank

[ad removed by a moderator]

2 years ago
1
Wilke000
Wilke000

It's great

@Mrunank
! But no ads

2 years ago
1
RayhanADev
RayhanADev

@Codemonkey51
:O HOW
I have been tapping away at this on my iPad and it hasn't worked

2 years ago
2
DerpBurgerPlayz
DerpBurgerPlayz

image

-cough- literally just dragged my mouse out scrolled down and clicked it lol

1 year ago
2
UnluckyFroggy
UnluckyFroggy

I got it first try. LOL!

2 years ago
2
AntimatterDev
AntimatterDev

gru


ill make a actual unclickable button. no tab spoofing or reload clicking or that stuff. ill make it truly unclickable

2 years ago
1
Baconman321
Baconman321

@AntimatterDev
Not really possible, but ok!

The button will always be clickable :/

2 years ago
1
AntimatterDev
AntimatterDev

@Baconman321
maybe your definition of clickable is different than mine. what is your definition of clickable?

2 years ago
1
Baconman321
Baconman321

@AntimatterDev
Able to be clicked.

If you make it in JavaScript then the client user will almost always have more power over the program than JavaScript itself.

Like xxpertHacker said, it's hell to try to sandbox JavaScript

2 years ago
1
AntimatterDev
AntimatterDev

@Baconman321
what is sandboxing javascript?

2 years ago
1
Baconman321
Baconman321

@AntimatterDev
https://stackoverflow.com/questions/7043882/what-actually-is-sandboxing-in-javascript

Basically trying to lock out external resources from meddling with the script.

In this case, trying to prevent the user from editing the code.

2 years ago
1
AntimatterDev
AntimatterDev

@Baconman321
oh thats decently simple. you just have to make it so that none of the elements appear on inspect

2 years ago
1
AntimatterDev
AntimatterDev

ok i fixed reload spoofing

2 years ago
1
AntimatterDev
AntimatterDev

and to fix the thing of moving faster than it can detect i just stopped the button moving with your mouse

2 years ago
1
Baconman321
Baconman321

@AntimatterDev
That's not rlly possible...

2 years ago
1
AntimatterDev
AntimatterDev

fixing reload spoofing?

2 years ago
1
AntimatterDev
AntimatterDev

i also fixed inspect opening using keyboard shortcuts

2 years ago
1
Baconman321
Baconman321

@AntimatterDev
That's not possible, actually.

2 years ago
1
AntimatterDev
AntimatterDev

idk what your saying is impossible but ive done everything ive said ive done. its actually really simple.

2 years ago
1
Baconman321
Baconman321

@AntimatterDev
You can't prevent inspecting.

They can always open up chrome://inspect or the browser's inspect URL/command.

2 years ago
1
Baconman321
Baconman321

@AntimatterDev
I can still open up inspect :)

2 years ago
1
AntimatterDev
AntimatterDev

@Baconman321
on mine? how did u do it?

2 years ago
1
AntimatterDev
AntimatterDev

how do you use chrome://inspect. like how would you point it towards the webpage your trying to inspect

2 years ago
1
Baconman321
Baconman321

@AntimatterDev
chrome://inspect allows you to inspect any process running on the chrome browser. It's a local address, so you just type it into the address bar (in a new tab).

2 years ago
1
AntimatterDev
AntimatterDev

@Baconman321
ok should be blocked now

2 years ago
1
AntimatterDev
AntimatterDev

@Baconman321
hmm ill try and see if i can block that

2 years ago
1
AntimatterDev
AntimatterDev

ok i found a solution that might work to try and block devtools brb

2 years ago
1
AntimatterDev
AntimatterDev

okie i cant test if they are blocked rn because im on my school pc

2 years ago
1
Baconman321
Baconman321

@AntimatterDev
You can't block devtools, it's impossible.

You can set an interval to trigger debugger;.

When they open up the the devtools it will constantly throw the debugger.

That's the closest you can do to stopping devtools AFAIK.

2 years ago
1
Baconman321
Baconman321

@AntimatterDev
It's just not possible, you can't block something that has more control over your program :/

2 years ago
1
AntimatterDev
AntimatterDev

@Baconman321
are you sure? maybe you arent looking at all the options

2 years ago
1
AntimatterDev
AntimatterDev

maybe a handy little module called devtoole-detect?

2 years ago
1
Baconman321
Baconman321

@AntimatterDev
Nope.

You can't stop devtools, period.

If you want some more answers/opinions, please post on ask instead of asking me here.

2 years ago
1
AntimatterDev
AntimatterDev

@Baconman321
i will prove you wrong as best i can just you wait

2 years ago
1
Baconman321
Baconman321

@AntimatterDev
You can't block them from opening devtools on your website!

@xxpertHacker
can verify this (srry for ping but xxpertHacker this guy here is like "I can prevent something that has more power over my program")

2 years ago
1
Baconman321
Baconman321

@AntimatterDev
You can't block this:

Ez way


See?

See?

2 years ago
1
AntimatterDev
AntimatterDev

@Baconman321
maybe i cant stop you from opening it but what about stopping people from using it?

2 years ago
1
xxpertHacker
xxpertHacker

@Baconman321
😂 I read the entire conversation, it's funny to see people say what they w
will do, instead of just doing it.

2 years ago
1
AntimatterDev
AntimatterDev

such as if they open it it detects it and self destructs the webpage stopping them from doing anything to it

2 years ago
1
AntimatterDev
AntimatterDev

@xxpertHacker
im on a school pc rn so i cant do it rn but i think ive almost got a working prototype before i push it to my own version of this

2 years ago
1
Baconman321
Baconman321

@AntimatterDev
Again, not possible.

Still, you could try for those less experienced (I haven't found a way around it yet, but that doesn't mean there isn't a way):

window.setInterval(_ => (debugger), 1);
2 years ago
1
Baconman321
Baconman321

@xxpertHacker
Devtools can't be "blocked" tho, right?

2 years ago
1
AntimatterDev
AntimatterDev

@Baconman321
you could just send alerts constantly to stop people from being able to edit anything on the page

2 years ago
1
AntimatterDev
AntimatterDev

@Baconman321
im not saying to block it im saying to make it unusable

2 years ago
1
xxpertHacker
xxpertHacker

@AntimatterDev
Ping me when you think that it's done, so I can break it ;)

2 years ago
1
AntimatterDev
AntimatterDev

@xxpertHacker
ok i will :). keep in mind that im only a highschooler and im only decent at coding

2 years ago
1
Baconman321
Baconman321

@AntimatterDev
@xxpertHacker
it's nice and all that you guys are trying to take my button to the next level and try to break it and such, but could you continue this somewhere where I don't get pinged every time you make a message?

Kinda annoying ngl.

2 years ago
2
LincolnMiddle
LincolnMiddle

It is easy without cheating, just right click and all those options pop up. Then click the button itself and press enter.

2 years ago
1
BobTheTomatoPie
BobTheTomatoPie

lol yea thats what i did

@DSAEvan

2 years ago
1
Wilke000
Wilke000

YES

@DSAEvan
!
image

I figured that out without your help!!!

MUHAHAHAHAHAHAH!!!!!

2 years ago
1
Baconman321
Baconman321

@Wilke000
That's not the actual message. That's the message of the disabled window.alert...

I had a bug with it always displaying that message tho...

2 years ago
1
Baconman321
Baconman321

@Wilke000
Hmmmm... how exactly?

2 years ago
1
Baconman321
Baconman321

@Wilke000
Yes, but how?

You can't just "click" most of the time...

2 years ago
1
Wilke000
Wilke000

This

@Baconman321
I am on a Chromebook, I double click
image

Sneaking through the crack......

2 years ago
1
Baconman321
Baconman321

@Wilke000
I have an idea on how to prevent that :D

2 years ago
1
Wilke000
Wilke000

:0

@Baconman321
YAY!!
I CLICKED THE BUTTON!!!

2 years ago
1
Wilke000
Wilke000

ALso, please put NAMES
image


@Baconman321

2 years ago
2
ZacharyElliott2
ZacharyElliott2

I am going to end up wasting a whole class with this. I hate you ;).

2 years ago
Load more