[Mimedefang] javascript in html attachments
Joseph Brennan
brennan at columbia.edu
Mon Aug 9 14:32:12 EDT 2004
--On Monday, August 9, 2004 11:28 AM -0600 Lucas Albers
<admin at cs.montana.edu> wrote:
> I couldn't find your javascript post in teh archive, could you provide
> more information on what you tags you stript from html via mimedefang?
Someone else made this a little better, and have just realized I never
took advantage of those changes. For one thing naming a variable $bla
shows my lack of imagination. Anyway, this is what we do instead of
Anomy::HTMLCleaner. Change Columbia to something else please.
It changes iframe, script, object to no-iframe, no-script, no-object.
Note that $badtag ends up with the last value it is given, so this does
not record multiple problems in the same message. If this were made
more generic it would be better to make $badtag more useful. Its purpose
here is mainly to flag that something was found.
# Check for bad code in HTML parts
if ($type eq "text/html") {
my($bla,$badtag);
if ($io = $entity->open("r")) {
while (defined($_ = $io->getline)) {
# note iframe, script, object
if (/<(iframe|script|object) /i) {
$badtag = $1;
$_ =~ s/<(iframe|script|object)\b/<no-$1 /ig;
}
$bla .= $_;
}
$io->close;
}
# if we found anything, we have to rewrite this part
if ($badtag) {
if ($io = $entity->open("w")) {
$io->print($bla);
$io->close;
}
md_graphdefang_log('modify',"$badtag tag deactivated by
Columbia fi\
lter");
action_change_header("X-Warning",
"$badtag tag modified by Columbia filter");
action_rebuild();
}
}
Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York
More information about the MIMEDefang
mailing list