[Esd-l] FW: [BT] NOT GOOD: Outlook Express 6 + Internet Explorer 6
Joe Steele
joe at madewell.com
Mon Apr 5 12:42:02 PDT 2004
On Monday, April 05, 2004 11:36 AM, Sergio P. Cesar wrote:
>
> Attached???? I see nothing attached.
>
My apologies.
John Hardin has since included the defanging of <FORM> tags
in the development version of the sanitizer.
The missing patch is also included in-line below. Some of the lines
are rather long, so watch out for possibly unexpected line wrapping.
Also watch out for possible defanging if you filtered this message
through the sanitizer before reading.
--Joe
--- html-trap.procmail.orig Sat Mar 13 10:48:27 2004
+++ html-trap.procmail Wed Mar 31 22:18:05 2004
@@ -554,7 +554,7 @@
:0 B
* ! SECURITY_TRUST_HTML ?? [^ ]
-* 9876543210^1 \<(html|title|body|meta|app|script|object|embed|i?frame|style|img|bgsound|layer|link)
+* 9876543210^1 \<(html|title|body|meta|app|script|object|embed|i?frame|style|img|bgsound|layer|link|form)
* 9876543210^1 =(3d)?[ ]*["'](&{|([a-z]+script|mocha):)
{
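Review bot: the changed `*` condition is a second, hand-maintained copy of the tag list, and nothing in this hunk ties it to the Perl substitution list near line 589 that the same patch also has to touch. A short comment above this condition, saying that any tag added to the `DEFANGED_` substitution must also be listed here (otherwise the recipe may not fire for a body whose only trigger is that tag), would keep the two lists from drifting apart in later changes.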
@@ -589,7 +589,7 @@
} #\
} #\
if (/<|%3c/) { #\
- s/(<|%3c)(META|APP|SCRIPT|OBJECT|EMBED|FRAME|IFRAME|LAYER|LINK)/$1DEFANGED_$2/gi; #\
+ s/(<|%3c)(META|APP|SCRIPT|OBJECT|EMBED|FRAME|IFRAME|LAYER|LINK|FORM)/$1DEFANGED_$2/gi; #\
unless ($ENV{"SECURITY_TRUST_STYLE_TAGS"}) { #\
s/<STYLE/ <!-- <DEFANGED_STYLE/gi; #\
s/<\/STYLE/ --> <\/DEFANGED_STYLE/gi; #\
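Review bot: in the changed `s/(<|%3c)(...|FORM)/$1DEFANGED_$2/gi` line, `FORM` is matched as a prefix with nothing required after it, so any text where `<` or `%3c` is directly followed by a longer word beginning with "form" is rewritten as well. If only the tag is intended, writing the new alternative as `FORM\b` would limit it. The substitution also renames only the opening tag and leaves `</FORM` as is, while the `STYLE` lines just below rewrite the closing tag explicitly. That matches how the other entries in this list behave, but a one-line comment saying the unbalanced close tag is intentional would save the next reader from checking.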