To start with, I'll say I have next to no Cross-Origin Resource Sharing (CORS) and XMLHttpRequest knowledge, and I don't implement them in my own coding projects.
It seems that XMLHttpRequest are against site rules, but I need clarification over it's use.
Basically it was implemented briefly on the Lazarus forum by one of our members as a test code. Till we were advised this could be in breach of site rules.
I don't know the full origin of the code, or where it came from. Just that it was hosted on the ZB forum, and technically would break site rules somehow.
The first code was meant to take a nation name [typed in by a member], and then show it in a box, as a link.*
The second code added an image retrieval request of some kind.
Sorry about this. I don't want to make a habit of it obviously, and I'll keep a close eye on what scripts are actually implemented in the future.
It was just hard for me to spot this, since as I said before, I don't use them myself, so don't know what they are all about.
*http://support.zathyus.com/topic/5153198/1/
Edit: Added the link to the first script.