anomy-list

Announcing sanitizer.pl, revision 1.54

From: Bjarni R. Einarsson (52855@xyz.molar.is)
Date: Wed 18 Sep 2002 - 11:26:39 GMT

  • Next message: Andrew: "Re: Announcing sanitizer.pl, revision 1.54"

    When it rains it pours. :-)

    I've released a rather minor update to the Sanitizer:
    http://mailtools.anomy.net/.

    The only change this time is within the HTML cleaner (which has been
    updated to revision 1.17), adding protection against the hcp://
    protocol exploit discussed here:

     http://online.securityfocus.com/archive/1/287482/2002-08-15/2002-08-21/0

    When adding this I realized that there may be quite a few other
    protocols I should be blocking, so any feedback on what protocols
    you feel should be allowed in or banned from HTML src= and href=
    attributes would be most welcome.

    -- 
    Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
     52855@xyz.molar.is                -><-              http://bre.klaki.net/
    

    Check out my open-source email sanitizer: http://mailtools.anomy.net/ Spammers, please send plenty of email to: 52938@xyz.molar.is



    hosted by molar.is