I myself prefer to serve content only from local server, this is old fashioned, meanwhile the web-sites all use so called micro-services....everything external you include can be use for exploits in theory, cross-site scripting:
I know how live viewing with pgn4web works: the one running the tourney constantly uploads the growing PGN file to the website where the HTML page containing the pgn4web applet resides. This assumes you have webspace where you can upload arbitrary files. Which is certainly not something we would want to allow here.
I don't know if pgn4web can do anything that my own viewer cannot already do. And I know lots of things it cannot do (like anything that is not orthodox chess).
Cross-site scripting is a vulnerability, but I don't think there is any sequence of chess moves that could fool anyone into thinking it is something else. So if the upload script makes sure the appended values are chess moves (say in long-algebraic notation, which is simple to check), that seems sufficient defense. Together with a length limit, to prevent filling the disk.
hgm wrote: ↑Tue Mar 05, 2024 9:11 pm
[...]
Cross-site scripting is a vulnerability, but I don't think there is any sequence of chess moves that could fool anyone into thinking it is something else. So if the upload script makes sure the appended values are chess moves (say in long-algebraic notation, which is simple to check), that seems sufficient defense. Together with a length limit, to prevent filling the disk.
xenos1984 wrote: ↑Tue Mar 05, 2024 9:09 pm
I think it would be nice to have avatars - currently the user control panel says they are disabled.
I did send the link of this thread to the Founders Group, so they can consider the member requests made.
xenos1984 wrote: ↑Tue Mar 05, 2024 9:09 pm
In any case, thanks for the nice works on the forum - especially the possibilities to post (fairy) chess positions and game logs are pretty nice!
xenos1984 wrote: ↑Tue Mar 05, 2024 9:09 pm
I think it would be nice to have avatars - currently the user control panel says they are disabled.
I now switched on the avatars, and indeed my old avatar appeared. If anyone that used to have an avatar before March 1 doesn't see the same avatar now, please let me know.
It could be because the image is on a http site, while the forum now is https.
Can you upload the avatar to the forum? I had switched this option on, but it appeared that the upload directory was not writable. I now corrected this.
hgm wrote: ↑Thu Mar 07, 2024 8:15 am
Can you upload the avatar to the forum? I had switched this option on, but it appeared that the upload directory was not writable. I now corrected this.
chesskobra wrote: ↑Tue Mar 05, 2024 2:14 pm
2. Too much white space. Maybe others like it.
I modded the colors for forum view, let me know, if better, or propose own color settings:
Sorry, I think my comment caused some confusion. I didn't mean the white colour, I just meant too much blank space. But now that I look at it again, it looks fine; I don't think there is too much blank space.