Won't people realize that doing that would detract from the experience of other users?

Haha, just kidding! Moved everything into a closure. Thanks for suggesting it.

Sure, now they'll need to do `cm = document.body.getElementsByClassName("CodeMirror")[0].CodeMirror` first.

(I.e. it's client-side, you can't prevent people from doing whatever they want.)

Well, if you don't attach the Firepad instance to the element and it's in a closure I'm pretty sure you couldn't modify it. I'd love to be corrected if this is incorrect.

Obviously you can't be stopped from editing the contents of the editing area, so if it works by simply checking for your updates to the editor then you can't stop it.

Yeah. They could also build a robot to mash on their keyboard (or make an arduino-based USB input device, or ...)

In non-demo scenarios, you'd have authentication and security rules set up to prevent this sort of abuse / trolling / etc.

The main reason I bothered adding the closure was so people wouldn't copy/paste the code snippet from the HN post and have it work. :-)

Browsers have debuggers, which allow users to set breakpoints and inject/run arbitrary code in the context of some function. (At least Chrome allows that, not sure about others.)