[From an anti-mail-exploit-procmail-filter-perl-script (see http://www.wolfenet.com/~jhardin/procmail-security.html):]

> s/<BODY\s+(([^">]+("(\\.|[^"])*")?)*)ONLOAD/<BODY $1 DEFANGED-ONLOAD/gi;

This pattern will catch lines like

<body onload="badthings()">
converted to
<BODY DEFANGED-ONLOAD="badthings()">

but not

<body onload="badthings()" onload="badthings()">
converted to
<BODY onload="badthings()" DEFANGED-ONLOAD="badthings()">

So one onload=... will stay and act.

Also, things like < body ... > won't be caught. I don't know if those leading spaces are proper HTML, but even if not, one should not suppose every bad HTML to be rejected.

DniQ.
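An added regression check for the two gaps described in the post above; this is not code from the post or from the procmail filter. The quoted substitution is transcribed from Perl to Python's re module, and defang_all, live_onloads and the sample tags are hypothetical, constructed for this example.

```python
import re

# The substitution quoted in the post, transcribed from Perl s///gi.
ORIGINAL = re.compile(r'<BODY\s+(([^">]+("(\\.|[^"])*")?)*)ONLOAD', re.I)

def defang_original(html):
    # Same replacement text as the quoted rule: "<BODY $1 DEFANGED-ONLOAD".
    return ORIGINAL.sub(r'<BODY \1 DEFANGED-ONLOAD', html)

# Hypothetical alternative (an assumption, not the filter's fix): isolate
# the whole BODY tag first, tolerating whitespace after '<', then rename
# every onload attribute name that sits outside a double-quoted value.
# Like the quoted rule, it only understands double-quoted values.
BODY_TAG = re.compile(r'<\s*body\b(?:[^">]|"[^"]*")*>', re.I)
TOKEN = re.compile(r'"[^"]*"|\bonload\b', re.I)

def defang_all(html):
    def fix_token(tok):
        text = tok.group(0)
        # Quoted values pass through unchanged; bare names get the prefix.
        return text if text.startswith('"') else 'DEFANGED-' + text
    return BODY_TAG.sub(lambda tag: TOKEN.sub(fix_token, tag.group(0)), html)

def live_onloads(html):
    # Test helper: count onload= names that carry no DEFANGED- prefix.
    return len(re.findall(r'(?<!DEFANGED-)\bonload\s*=', html, re.I))

# Constructed sample tags covering the cases named in the post.
SAMPLES = [
    '<body onload="badthings()">',
    '<body onload="badthings()" onload="badthings()">',
    '< body onload="badthings()">',
]

if __name__ == '__main__':
    for sample in SAMPLES:
        before = defang_original(sample)
        after = defang_all(sample)
        print(sample)
        print('  quoted rule :', before, '| live handlers:', live_onloads(before))
        print('  whole-tag   :', after, '| live handlers:', live_onloads(after))
```

Because the quoted rule rewrites only the last ONLOAD its backtracking reaches in each tag, a sample set used to test such a filter should include repeated attributes and leading whitespace, not only the single-attribute case.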
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:57 PDT