Curiosity kills the cat.
I just logged in after my last post. My account was not yet deleted.

I now read it has been properly addressed in the meantime.
Thank you all. I can now again spend numerous hours browsing this forum again

(And it is just a coincidence that my virusscanner intercepted a malicious mail just two minutes ago.)

Offtop: If admins of this site would like to embed my board here just pm me [url]kocmohabt.baduk@gmail.com[/url]. As example of embedding http://gokifu.com/s/pb.y. Thank you.

Check out the site http://go.ba.net based on eidogo code but with the xss security vulnerability patched.

Boards can be embedded like this

<iframe src=http://go.ba.net/playgo/go-embed.html?sgf=example.sgf>
</iframe>

In your other announcement thread, you said that the vulnerabilities were only "mostly" patched (whatever that means), and based on a quick look, it appears that your javascript is still using eval in a few places to apparently do JSON parsing. Are you sure that you've patched up the XSS vulnerabilities properly?

Also, there seems to be little purpose to linking to your site via an iframe just to use something that is essentially EidoGo, which is already integrated into L19x19. In fact, this could create further security problems, if your site does something malicious or contains unfixed security issues that allows others to do malicious things.

Since your site is based on EidoGo, which is licensed under AGPL requiring derivative works to be open-source under AGPL as well, have you made your modified source code available somewhere (which would be required to comply with the AGPL)?

We used the eidogo ui javascript only. We run a different database, and added the SGF xss safety filter at the db level.