=================== Bug #373: Full Bug Snapshot ===================
Submitted by: ehood Project: MHonArc
Submitted on: 2002-May-10 00:18
Category: MIME Filter Severity: 1 - Ordinary
Bug Group: Undesired Behavior Resolution: None
Assigned to: ehood Status: Open
Platform Version: All Effort: 0.00
Component Version: Fixed Release:
Summary: Non-HTML data looking like URLs can be modified.
Original Submission: Non-HTML tag data that matches image/auto-loaded
attribute strings (e.g: src="...") can be modified during CID url resolution or
URL rewriting during base href resolution within the mhtxthtml.pl filter.
A complete solution would require full HTML parsing, but this would incur a
performance penalty. The current set of regular expressions are intended to
deal with security issues but minimize any performance penalties. Unclear if
existing html filter should be modified or a separate, more robust filter, can
be created, and allow users to choose which one they want. Contributors welcome
for developing a robust HTML filter.
No Followups Have Been Posted
For detailed info, follow this link: