[Mimedefang] Another Update to MIMEDefang Filter KAM
Kevin A. McGrail
kmcgrail at pccc.com
Wed Apr 21 15:02:02 EDT 2004
It's my belief that anomy's html cleaning abilities are significantly
lack-luster/problematic/etc. as to possible merit removal from MIMEDefang at
some near point in the future ;-)
In case anyone cares, $/ is the input delimiter variable and is typically
set to \n (newline). By setting it to undef, it reads the whole shebang as
a single file. However, I'm not sure you really answered the question below
BUT I think you might have pointed me in the right direction because of this
tidbit in the docs:
Body Stores body When open()ed,
class: data in: returns:
--------------------------------------------------------
MIME::Body::File disk file IO::Handle <------
So knowing that it's a front-end for IO::Handle, I searched the source code
for Handle.pm confirmed that it reacts to the $/ changes. Therefore, here
is the updated code to do one regexp after slurping and implements the size
check thanks to DFS and Stefen's input:
NOTE: It's in the filter () section in the file here:
http://www.peregrinehw.com/downloads/MIMEDefang/mimedefang-filter-KAM
#Disable bad HTML code -- Based on work by Columbia University / Joseph
Brennan
#Modified by KAM 2004-04-16
#Modified by KAM 2004-04-21 to add slurp of entire message and one
regexp check + size check
if ($type eq "text/html") {
my($currentline, $output, $badtag, $delimiter_backup, $sizelimit);
$badtag = 0;
$output = "";
$sizelimit = 1048576; #1MB #max size of an email you want to check in
bytes
$delimiter_backup = $/;
if (-s "$entity->bodyhandle->path" <= $sizelimit) {
if ($io = $entity->open("r")) {
undef $/; # undef the seperator to slurp it in.
$output = $io->getline;
$io->close;
$badtag = $output =~ s/<(iframe|script|object)\b/<no-$1 /igs;
if ($badtag) {
if ($io = $entity->open("w")) {
$io->print($output);
$io->close;
}
md_graphdefang_log('modify',"$badtag Iframe/Object/Script tag(s)
deactivated by MIMEDefang");
action_change_header("X-Warning", "$badtag Iframe/Object/Script
tag(s) deactivated by MIMEDefang");
action_rebuild();
}
}
}
$/ = $delimiter_backup;
}
Regards,
KAM
More information about the MIMEDefang
mailing list