jkk / eidogo Goto Github PK
View Code? Open in Web Editor NEWWeb-based Go app and embeddable SGF viewer
Home Page: http://eidogo.com/
Web-based Go app and embeddable SGF viewer
Home Page: http://eidogo.com/
How can i fix this?
The number marker increments for each successive placed marker, however, upon using "clear marker" and placing another number, the value is the next incremented number.
Example:
What should happen instead is the highest value placed should be the lowest+1 of the current collection of markers.
When using both tree view and shortcut after reusing the same container and playing the mark "current node" stay on several nodes on the tree view.
example:
var player = new eidogo.Player({
container: "player-container", // HTML element id indicating where to put the player
theme: "standard", // "standard" or "compact"
sgfUrl: "sgf/example.sgf", // relative URL (within same domain) to SGF file to load
loadPath: [0, 0], // The location within the game tree to start at
mode: "play", // "play" or "view"
showComments: true,
showPlayerInfo: true,
showGameInfo: true,
showTools: true,
showOptions: true,
showNavTree: true,
markCurrent: true,
markVariations: true,
markNext: false,
enableShortcuts: true,
problemMode: false
});
var player = new eidogo.Player({
container: "player-container", // HTML element id indicating where to put the player
theme: "standard", // "standard" or "compact"
sgfUrl: "sgf/example.sgf", // relative URL (within same domain) to SGF file to load
loadPath: [0, 0], // The location within the game tree to start at
mode: "play", // "play" or "view"
showComments: true,
showPlayerInfo: true,
showGameInfo: true,
showTools: true,
showOptions: true,
showNavTree: true,
markCurrent: true,
markVariations: true,
markNext: false,
enableShortcuts: true,
problemMode: false
});
then press several time on right key
The custom labels "circle", "square", "triangle", and "ex" (cross) produce the corresponding basic shape markup instead of a label with the given string.
Uploading the SGF file string "(;LB[aa:ex])" places a cross in the upper left, and subsequently downloading the SGF still returns "(;LB[aa:ex])".
When using the "black stone" or "white stone" tools to add/remove stones, the editor will place setup properties (AB, AW, AE, etc.) to be placed alongside move properties (B, W, etc.).
The SGF standard specifies that this is illegal for FF[4].
http://www.red-bean.com/sgf/sgf4.html#2.2.1
Variations can be edited/extended in the problem mode, which causes the original programming of the problem to be overridden.
For example, clicking on the back button after an automatic response move then allows the user to change and override the programmed response. Also, after reaching the end of a variation, the user can freely play both colors creating a new sequence of automatic responses.
eidogo.com is vulnerable to LFI in the SGF file upload in "Fetch SGF from a URL".
A malicious actor can exploit this vulnerability to retrieve sensitive files that stored in the server
Here are examples exploiting this vulnerability:
https://github.com/jkk/eidogo/blob/master/backend/upload.php#L32-#L37
User controlled input must be sanitized.
http://www.dragongoserver.net/game.php?gid=769859 does not load.
possibly related to this line
looks like EidoGo is fatally flawed for not taking all board sized into account.
Hello Go friends, I'm seeking a way to keep getting the current Move number to as the user move forward or backwards, I'm not sure where is a good point to start looking, please help, thnx
Hello eidogo developers,
I'm writing a tsumego solving js library and found that eidogo can simplify my debugging experience: eidogo can render the search tree and help me understand where the algorithm chose a wrong way. Essentially I need from eidogo a few things:
It's clear how to render SGF from the samples, but it doesn't seem so clear how to do the rest. Since I couldn't find an interface definition of eidogo, I had to see in debugger how the UI achieves what I need: I put a breakpoint in player.js, click on the board and see what happens. So far I've figured out that in order to play a move it does .playMove, .board.commit and .board.render: this seems to add the move, but doesn't update the game tree.
It would be nice to have the eidogo's interface in form of a TypeScript's .d.ts file:
declare module eidogo {
interface Player {
/** move = "ca", color = -1 (white) */
playMove(move: string, color: number);
board: {
commit(): void;
render(): void;
}
}
}
Thanks.
For example, in http://eidogo.com/#3lyWFDzxv:0,0, after BJ17, WJ17, BK15, the node for the WL17 continuation has the wrong parent.
Auto-detect support for new a[download] attribute, and use it to download games where there's no pre-existing download link, in preference to DataURIs.
When I load my game into eidogo via this URL:
http://eidogo.com/#url:http://online-go.com/api/v1/games/938171/sgf
and then open the Chrome Developer Tools, the console yields this stack backtrace:
Uncaught TypeError: undefined is not a function
eidogo.Player.showComments
eidogo.Player.execNode
eidogo.Player.refresh
eidogo.Player.goTo
eidogo.Player.load
eidogo.SgfParser.init
eidogo.SgfParser
On Mozilla Firefox, I get: TypeError: _13f.replace is not a function
On Safari, the call to .showComments()
leads to this error:
TypeError: undefined is not a function (evaluating '_13f.replace(/^(\n|\r|\t|\s)+/,"")')
When placing a letter marker, clearing it, and placing again, the next letter in alphabet is used.
Example:
The highest letter should be the lowest+1 of all current letter markers.
When placing a marker, and then trying to clear it, it does not work. This happens when there is one marker.
Example:
test issue
Clear Marker tool seems to only work on Letter and Number marks.
I have tested this on Chrome and Safari for Mac.
This is an issue because a position cannot be deleted unless all properties are removed.
At the moment I cannot find a way to remove Triangle, Square, Circle or X marks from a position.
Under the option "paste raw SGF" I tried opening an SGF file in notepad and got this text: https://pastebin.com/raw/PaFjvbr6
When I copy/paste it into the eidogo box, I get an error that says "Received invalid game data". Am I doing it correctly? What does eidogo want when it says to input raw SGF?
Backup link: https://www.reddit.com/r/baduk/comments/lzmcof/how_to_upload_raw_sgf_to_eidogocom/
One can place Letter markers beyond Z at which point the special characters are used until a-z are used. After these, the other special characters are used. When these are used up, no further character is placed.
It should only go through A-Z and then a-z. Beyond that, "Custom Label" should be used.
I would love to see eidogo use query parameters to identify games, like this:
http://eidogo.com/?game=abcdefg
instead of (or alternative to) the current implementation which uses fragment identifiers
http://eidogo.com/#abcdefg
This would solve a problem on reddit (which uses eidogo.com quite a bit), where reddit only allows a single story to link to a given page. Fragments are intended to identify a location in a page, rather than a separate page, so reddit currently sees all fragments on the same base URL as the same page. Using unique query strings would allow sites like reddit to distinguish between different games, and help users post review requests for their games.
If a basic shape (circle, square, triangle, or cross) is used to mark a variation, instead of showing the shape, the name of the shape is shown as if it were a custom label.
The score estimator seems to stop processing moves beyond any move that has a ] in the comments.
Example: http://www.dragongoserver.net/sgf.php?gid=596669, you don't get anything except the score from the first move or two. If I remove the close brackets, it works as expected. I believe they are properly escaped.
EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input.
There are actually two separate XSS vulnerabilities:
Here are examples exploiting each vulnerability:
http://eidogo.com/#xqRLkZhw
http://eidogo.com/#AKilSuG4
A patch attempting to mitigate these security vulnerabilities was submitted in this pull request:
#26
See this pull request for more discussion of the changes.
Note that the pull request does not include an updated minified file. However, a minified file incorporating this patch has been prepared by the OGS developers and is available here:
http://cdn.online-go.com/eidogo.min.js
Compare with:
https://raw.githubusercontent.com/jkk/eidogo/master/player/js/all.compressed.js
The identifier "CVE-2015-3172" has been assigned to refer to this issue.
Disclosure timeline:
April 7, 2015: Privately notified developer of security vulnerability
April 13: Developer acknowledged notification
May 12: Pull request submitted (as requested by developer)
May 14: Webmasters of several affected sites notified in advance
June 14: Public disclosure (having not heard back from developer since before the pull request)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.