QuoteAny vulnerability could /potentially/ be used to find the real IP address of the server hosting the .onion site, and could possibly also be used to attack the users visiting the site. Saying that it's just "a quick utility toss together" is a poor excuse, imo. I'm not saying the site itself sucks -- because I think it's great -- but I'm saying that releasing code that you know is vulnerable is a bad thing.I'm quite aware of what it's capable of doing however in this situation xss will not and can not reveal my location simply due to the method in which the server was setup though feel free to try at your please and share with us what you find however "I guess" I can fix this the only issue really is this "<H1>Search results for: $results_ </H1> "FIX:simple regex to sanatize the result in the <body>results_=`echo $1 | grep '[_-0-9A-Za-z ]'`please continue to try and find bugs :) and thank you for pointing it out however I'm not so much concerned about my security though I do understand that security of my users is most important