[Mimedefang] Anomy::HTMLCleaner
Tilman Kastner
kastner at devicen.de
Fri Aug 25 08:09:03 EDT 2006
On Thursday 24 August 2006 16:42, Ashley M. Kirchner wrote:
> The following notice has existed in mimedefang-filter for quite some
> time now:
>
> # NOTE: We consider Anomy::HTMLCleaner to be TOO BUGGY for
> # production use. Uncomment the next lines at your peril!
>
> Perhaps because it Anomy::HTMLCleaner hasn't been updated in a
> while, I don't know. But, is this still the case, and if so is there
> another solution or is it not worth looking in to?
No Problems here. The latest version of HTML Cleaner code is 1.26, dating from Jan 2006.
I have it in production at several sites.
It's called by:
if ($Features{"HTMLCleaner"}) {
if (($type eq "text/html" || re_match_ext($entity, '^\.(htm|html)$')) && !relayIsTrusted($RelayAddr)) {
$hash = { };
$hash->{"Paranoid"} = 1;
$hash->{"NoWebBugs"} = 1;
$hash->{"tag:div"} = "p";
anomy_clean_html($entity, $hash);
action_accept_with_warning("HTML tags constituting a possible security hazard were deactivated");
}
}
I would strongly oppose removing the hook for it.
Tilman
--
Tilman Kastner abian GmbH
Tel.: (05 11) 9 29 99 66 Deisterstrasse 81
Fax: (05 11) 9 29 99 33 30449 Hannover
PGP key available Germany
More information about the MIMEDefang
mailing list