mhonarc-commits

CVS: mhonarc/MHonArc/lib mhtxthtml.pl,2.36,2.37

2005-05-01 17:04:46
Update of /home/users/mhonarc.org/ehood/cvs/mhonarc/mhonarc/MHonArc/lib
In directory denethor.mallorn.com:/tmp/cvs-serv11818

Modified Files:
	mhtxthtml.pl 
Log Message:
BUG #11762: Added rel="nofollow" to all <A> tags.  Should any other tags
get it?

Escape vbscript and ecmascript strings along with javascript.  IE
supports vbscript event handlers, so it is escaped to avoid XSS attacks.
Thanks to Amit Klein for catching this.


Index: mhtxthtml.pl
===================================================================
RCS file: /home/users/mhonarc.org/ehood/cvs/mhonarc/mhonarc/MHonArc/lib/mhtxthtml.pl,v
retrieving revision 2.36
retrieving revision 2.37
diff -C2 -r2.36 -r2.37
*** mhtxthtml.pl	17 Oct 2003 22:08:45 -0000	2.36
--- mhtxthtml.pl	2 May 2005 00:04:39 -0000	2.37
***************
*** 227,230 ****
--- 227,232 ----
  	# in it (like tabs and newlines).
  	$$data =~ s/\bj\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t/_javascript_/gi;
+ 	$$data =~ s/\bv\s*b\s*s\s*c\s*r\s*i\s*p\s*t/_vbscript_/gi;
+ 	$$data =~ s/\be\s*c\s*m\s*a\s*c\s*r\s*i\s*p\s*t/_ecmascript_/gi;
  
  	# IE has a very unsecure expression() operator extension to
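Review bot: the ecmascript pattern on the second added line is missing the `s` between `a` and `c`: `\be\s*c\s*m\s*a\s*c\s*r\s*i\s*p\s*t` matches "ecmacript", not "ecmascript", so the string the log message says is now escaped still passes through unchanged. It should read `\be\s*c\s*m\s*a\s*s\s*c\s*r\s*i\s*p\s*t`, mirroring the javascript line directly above it. The vbscript line is spelled correctly.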
***************
*** 346,349 ****
--- 348,355 ----
        $$data =~ s/<!--[^-]+[#X%\$\[]*/<!--/g;  # Just mung them (faster)
      }
+ 
+     ## Prevent comment spam
+     ## <http://www.google.com/googleblog/2005/01/preventing-comment-spam.html>
+     $$data =~ s/(<a\b)/$1 rel="nofollow"/gi;
  
      ($title.$$data, @files);
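Review bot: the nofollow substitution inserts `rel="nofollow"` after every `<a` whether or not the tag already carries a `rel` attribute, so an anchor written as `<a rel="me" href="...">` comes out with two `rel` attributes and a browser will honour only one of them, not necessarily the nofollow. Consider applying the substitution only to anchors that have no `rel` attribute in the rest of the tag (a negative lookahead before the closing `>`), or rewriting an existing `rel` value to include `nofollow`, so the intent of the change holds for every link.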
