On Thu, 27 May 1999, Aleph One wrote:

> That doesn't really cut it. You can embed JavaScript into things
> like onClick, onLoad, etc. You need to kill all those as well.

Thanks for pointing that out. I've updated the sanitizer to defang the
event handlers explicitly, which saves blocking the <BODY> and <TITLE>
tags themselves, and also protects links.

The current release of the sanitizer is 1.84 and it is available at
ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html

--
 John Hardin KA7OHZ jhardinat_private
 pgpk -a finger://gonzo.wolfenet.com/jhardin
 PGP key ID: 0x41EA94F5
 PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
 Efficiency can magnify good, but it magnifies evil just as well. So,
 we should not be surprised to find that modern electronic
 communication magnifies stupidity as *efficiently* as it magnifies
 intelligence.
   -- Robert A. Matern
-----------------------------------------------------------------------
 89 days until 9/9/99
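
An illustration of the attribute defanging discussed in the message above, added here as an example and not taken from the procmail sanitizer: it renames on* event-handler attributes inside HTML tags so a mail client no longer treats them as script, without touching the tags themselves. The DEFANGED- prefix, the function names and the sample message are assumptions of this example.

```python
import re

PREFIX = "DEFANGED-"  # assumed marker; chosen for this example

# One tag: '<' + name, then attribute text. Quoted values are consumed
# whole so a '>' inside a value does not end the tag early. The closing
# '>' is optional so a tag cut off at end of input is still processed.
TAG = re.compile(r"""<[A-Za-z][^\s/>]*(?:"[^"]*"|'[^']*'|[^'">])*>?""")

# Inside a tag: either a quoted value (kept as-is) or an attribute name
# starting with "on" that is followed by '='. The lookbehind requires an
# attribute boundary, so names already prefixed and text inside unquoted
# URLs (href=x?onload=1) are not rewritten.
PART = re.compile(
    r"""("[^"]*"|'[^']*')|(?<=[\s/"'])(on[a-z]+)(?=\s*=)""", re.I)


def _defang_tag(tag_match):
    def fix(part):
        if part.group(1):          # quoted attribute value: leave alone
            return part.group(1)
        return PREFIX + part.group(2)
    return PART.sub(fix, tag_match.group(0))


def defang_event_handlers(html):
    """Rename on* attributes in every tag; text outside tags is untouched."""
    return TAG.sub(_defang_tag, html)


# Constructed sample message body (not from any real mail).
SAMPLE = ('<BODY onLoad="evil()"><a href="http://example.test/" '
          "onClick = 'x()' title=\"onclick=no\">link</a> text onload=1")

if __name__ == "__main__":
    print(defang_event_handlers(SAMPLE))
```

The handler is renamed rather than deleted, so the original markup stays visible to anyone inspecting the message afterwards.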