[Mimedefang] Why 'defanged_src' ?
Graham Dunn
gdunn at inscriber.com
Mon Sep 30 15:44:01 EDT 2002
On Mon, Sep 30, 2002 at 01:18:22PM -0600, Ashley M. Kirchner wrote:
> Aaron Paetznick wrote:
>
> > That's Anomy's doing. I've struggled with this too. I believe someone
> > submitted a patch to this list that changes this behavior, but I'm not
> > sure what the status of that is. I don't think it is within
> > MIMEDefang's influence to bypass this problem, you'll need to change the
> > HTMLCleaner.pm file.
> >
> > Once we figure this out, maybe we can distribute a patch with the MD
> > package (ala MIME-Tools) that fixes this issue.
ureshii# diff -u HTMLCleaner.pm HTMLCleaner.pm.orig
--- HTMLCleaner.pm Thu Jun 6 12:16:05 2002
+++ HTMLCleaner.pm.orig Thu Jun 6 12:15:30 2002
@@ -408,7 +408,7 @@
"ismap" => "anything",
"loop" => "alnum",
"lowsrc" => "src",
- "src" => 1,
+ "src" => "src",
"start" => "alnum",
"usemap" => "href",
"vspace" => "size",
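Review bot: the diff direction is reversed at the `"src"` line: the command compares HTMLCleaner.pm against HTMLCleaner.pm.orig, so the `-` line (`"src" => 1`) is the modified file and the `+` line (`"src" => "src"`) is the stock one, and the hunk reads as restoring the stock value rather than introducing the change. Regenerate it as `diff -u HTMLCleaner.pm.orig HTMLCleaner.pm`, or state that it must be applied with `patch -R`. The context line `"lowsrc" => "src"` just above is left unchanged, so that attribute keeps the old handling; say whether that is intended, and add a comment in the table explaining what the value `1` means for an attribute.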
> Before we go that far, maybe we should figure out why first. There might
> be a valid reason, I just don't know what it is. I'd like to hear some
> arguments on this before making a decision on whether I want to defang img src
> tags or not.
AFAIK, the distasteful thing about getting img src= in email is that
your email client goes and fetches that picture, giving the site owner
a log of who's reading the email that got sent ... I don't know enough
about web bugs to say this can be used in a similar fashion.
I don't defang the img src tags.
Graham
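
Added example (not part of the original post, and not MIMEDefang or Anomy code): a Python sketch that lists the `<img>` references in a message's HTML parts that would make a mail client fetch from a remote host, which is the behaviour discussed above. The function and class names and the sample message are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# <img> attributes whose URL a mail client may fetch when rendering.
FETCH_ATTRS = {"src", "lowsrc"}

class RemoteImageFinder(HTMLParser):
    """Collect <img> attributes that point at a remote host."""
    def __init__(self):
        super().__init__()
        self.hits = []  # (attribute, url, host)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag != "img":
            return
        for name, value in attrs:
            if name not in FETCH_ATTRS or not value:
                continue
            url = value.strip()
            parts = urlsplit(url)
            # cid: and data: images travel inside the message; http(s) and
            # protocol-relative (//host/...) references need a network fetch.
            if parts.scheme in ("http", "https") or url.startswith("//"):
                self.hits.append((name, url, parts.hostname))

def remote_images(raw_message: bytes):
    """Return remote <img> references found in every text/html part."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    finder = RemoteImageFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.hits

# Constructed sample message (not taken from the thread).
SAMPLE = (
    b"From: sender@example.com\r\nTo: reader@example.org\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=us-ascii\r\n\r\n"
    b'<html><body><p>Hello</p>'
    b'<img src="http://img.example.net/open.gif" width="1" height="1">'
    b'<img src="cid:logo@example.com">'
    b'<IMG LOWSRC="https://img.example.net/lo.gif" src="data:image/gif;base64,R0lGOD">'
    b"</body></html>\r\n"
)

if __name__ == "__main__":
    for attr, url, host in remote_images(SAMPLE):
        print(f"{attr} -> {url} (host {host})")
```
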