anomy-list

Re:

From: Dave Cridland (41685@xyz.molar.is)
Date: Thu 25 Apr 2002 - 17:15:50 UTC

  • Next message: Colin Stubbs: "regex matching in anomy HTML"

    On Thu, 2002-04-25 at 13:03, Valentas Titarenka wrote:
    > When I send HTML mail with code:
    > <P><IMG src="http://bla bla"></P>
    >
    > After Sanitizer I get:
    > <P><IMG DEFANGED_src="http://bla bla"></P>
    >
    > Maybe you know why?

    Given the configuration, no, I don't.

    However, that's perfectly sensible - remotely accessed image files can
    cause logging of who read the email - very useful for spam, and gives
    you information about the system used in some cases. The Anomy Sanitizer
    may be spotting this special case, and defanging the attribute
    regardless of whether the attribute itself is safe - the contents
    aren't.

    Dave.



    hosted by molar.is