[Esd-l] FW: [BT] NOT GOOD: Outlook Express 6 + Internet Explorer 6

Joe Steele joe at madewell.com
Mon Apr 5 12:42:02 PDT 2004


On Monday, April 05, 2004 11:36 AM, Sergio P. Cesar wrote:
>
> Attached???? I see nothing attached.
> 

My apologies.

John Hardin has since included the defanging of <FORM> tags 
in the development version of the sanitizer.

The missing patch is also included in-line below.  Some of the lines
are rather long, so watch out for possibly unexpected line wrapping.  
Also watch out for possible defanging if you filtered this message 
through the sanitizer before reading.

--Joe

--- html-trap.procmail.orig	Sat Mar 13 10:48:27 2004
+++ html-trap.procmail	Wed Mar 31 22:18:05 2004
@@ -554,7 +554,7 @@
 
 :0 B
 * ! SECURITY_TRUST_HTML ?? [^ ]
-* 9876543210^1 \<(html|title|body|meta|app|script|object|embed|i?frame|style|img|bgsound|layer|link)
+* 9876543210^1 \<(html|title|body|meta|app|script|object|embed|i?frame|style|img|bgsound|layer|link|form)
 * 9876543210^1 =(3d)?[ 	]*["'](&{|([a-z]+script|mocha):)
 {
 
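Review bot: in the `\<(html|...|link|form)` condition, procmail's `\<` matches the character before a word, not a literal `<`, and the alternation has no trailing boundary, so with `form` added this line also scores on ordinary body text such as "form" or "format" rather than only on `<form` tags. Several names already in the list (`body`, `title`, `link`, `style`) behave the same way, and the Perl substitution in the next hunk still requires a literal `<` or `%3c`, so the cost is an extra pass over more messages rather than false defanging. If only tags are meant to trigger the recipe, write the condition with a plain `<` and say so in a comment above it.
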
@@ -589,7 +589,7 @@
 			}	#\
 		}	#\
 		if (/<|%3c/) {	#\
-			s/(<|%3c)(META|APP|SCRIPT|OBJECT|EMBED|FRAME|IFRAME|LAYER|LINK)/$1DEFANGED_$2/gi;	#\
+			s/(<|%3c)(META|APP|SCRIPT|OBJECT|EMBED|FRAME|IFRAME|LAYER|LINK|FORM)/$1DEFANGED_$2/gi;	#\
 			unless ($ENV{"SECURITY_TRUST_STYLE_TAGS"}) {	#\
 				s/<STYLE/ <!-- <DEFANGED_STYLE/gi;	#\
 				s/<\/STYLE/ --> <\/DEFANGED_STYLE/gi;	#\
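Review bot: the substitution `s/(<|%3c)(META|...|LINK|FORM)/$1DEFANGED_$2/gi` rewrites only the opening tag, because the name must follow `<` or `%3c` directly; `</FORM>` is left unchanged, whereas the STYLE lines just below handle `<\/STYLE` explicitly. That is consistent with the other names in the list, but a short comment stating that closing tags are deliberately left alone would save the next reader from checking. The group also has no trailing boundary, so any tag whose name merely begins with FORM is renamed as well; a `\b` after the group would restrict it to the listed names if that is not intended.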

